Bug 1724677

Summary: [RHEL-8.0/gstreamer1] Remove setuid permission from /usr/libexec/gstreamer-1.0/gst-ptp-helper
Product: Red Hat Enterprise Linux 8 Reporter: Marco Benatto <mbenatto>
Component: gstreamer1Assignee: Wim Taymans <wtaymans>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0CC: csoriano, jkoten, kanderso, tpelka, wtaymans
Target Milestone: rc   
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: gstreamer1-1.16.1-2.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 15:41:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marco Benatto 2019-06-27 14:07:33 UTC 
Description of problem:

The new binary /usr/libexec/gstreamer-1.0/gst-ptp-helper was introduced
on gstreamer1 package for RHEL-8.0 with setuid permissions.

During security audit, it was found it supports capability instead.
Given the information above, it's recommended to remove setuid permissions and replace it by capabilities.


Version-Release number of selected component (if applicable):
gstreamer1-v1.14.0-el8


Additional info:
Capabilities can be enabled by the following configure option:

--with-ptp-helper-permissions=capabilities

it'll probably also be needed to add libcap as Requires and libcap-devel as BuildRequires for this package.
Comment 7 errata-xmlrpc 2020-04-28 15:41:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1631