Bug 134277 - /usr/lib/mc/cons.saver is set suid
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: mc   
Version: rawhide
Hardware: All
OS: Linux
Assignee: Jindrich Novy
Reported: 2004-09-30 20:29 UTC by Daniel Walsh
Modified: 2013-07-02 23:02 UTC (History)
Last Closed: 2004-10-26 16:20:31 UTC

Description Daniel Walsh 2004-09-30 20:29:38 UTC
From: Thomas Bleher <bleher@informatik.uni-muenchen.de>
To: Daniel J Walsh <dwalsh@redhat.com>
Cc: SELinux <SELinux@tycho.nsa.gov>
Subject: Re: Out of curiosity looking for suid apps without special context on FC3

* Daniel J Walsh <dwalsh@redhat.com> [2004-09-30 22:08]:

>> These are the files that do not have special context associated with 
>> them but are suid on FC3. 
>> 
>> /usr/lib/mc/cons.saver->system_u:object_r:lib_t


This program is used to save output of previously run programs when
Midnight Commander is run in text mode on the Linux console (you can
toggle to it with C-o).
Nice functionality but not really essential. On Debian and strict SuSE
config the file has mode 0755.
Even though I use mc a lot I hadn't noticed till now so a case can
probably be made to remove the suid bit.

Thomas
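
The audit quoted in this report (suid files whose SELinux label is only a generic type such as lib_t) can be reproduced with a short script. This is an added example, not part of the original bug report; the `GENERIC_TYPES` set and all function names are assumptions made for illustration.

```python
import os
import stat

# Assumption: these label types mean "no dedicated policy domain".
# lib_t is the one named in the report; the others are illustrative.
GENERIC_TYPES = {"lib_t", "bin_t", "sbin_t", "usr_t", "file_t", "unlabeled_t"}


def selinux_type(context):
    """Return the type field of user:role:type[:level], or None if malformed."""
    if not context:
        return None
    fields = context.strip("\x00\n ").split(":")
    return fields[2] if len(fields) >= 3 and fields[2] else None


def read_context(path):
    """Read the security.selinux xattr; None when unlabeled or unsupported."""
    try:
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
    except (OSError, AttributeError):
        return None
    return raw.decode(errors="replace")


def audit(root, get_context=read_context):
    """Return sorted (path, mode, context) for suid/sgid files lacking a special type."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            ctx = get_context(path)
            ctype = selinux_type(ctx)
            if ctype is None or ctype in GENERIC_TYPES:
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), ctx))
    return sorted(findings)


if __name__ == "__main__":
    for path, mode, ctx in audit("/usr"):
        print(f"{path}\t{mode}\t{ctx or 'no context'}")
```

Files the script reports are candidates for either dropping the suid bit or getting a dedicated entry in file_contexts.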

Comment 1 Leonard den Ottolander 2004-10-01 23:46:32 UTC
I disagree. This is very useful behaviour.


Comment 2 Jindrich Novy 2004-10-03 06:40:02 UTC
Hi Dan,
The cons.saver is suid vcsa because it has to have access to
/dev/vcsa* in order to save console screen contents. It should be suid
vcsa. Should we add something in file_contexts to fix this?

Comment 3 Daniel Walsh 2004-10-04 13:48:51 UTC
Yes, we will need a policy written for it to allow it to read /dev/vcsa*.
It will not work in a strict policy machine.

It will work fine with targeted policy.

Dan

Comment 4 Leonard den Ottolander 2004-10-04 14:09:52 UTC
Upstream will probably soon merge the vcsa patch.

I would say let's close this bug WONTFIX.


Comment 5 Jindrich Novy 2004-10-04 14:44:38 UTC
Leonard, is there any time estimation for that?

Comment 6 Leonard den Ottolander 2004-10-04 15:06:06 UTC
I wish I could give you one ;-) . Two items on the TODO list of which
one is probably fixed. The vcsa patch has lingered a bit but should be
merged within a couple of days (and before 4.6.1). This *could* be
done in 2/3 weeks, but I can't say for sure.

When the UTF-8 fixes are ready is harder to say. I have no idea when
Vladimir will get to them. Of course somebody else could fix them
before he does, but I don't see that happening.


Comment 7 Leonard den Ottolander 2004-10-26 16:20:31 UTC
On RHL this file has been suid vcsa for quite a while. This patch has
now been merged upstream.

This will not get fixed. Hence closing WONTFIX.


