Bug 134277 - /usr/lib/mc/cons.saver is set suid
/usr/lib/mc/cons.saver is set suid
Product: Fedora
Classification: Fedora
Component: mc (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jindrich Novy
Depends On:
  Show dependency treegraph
Reported: 2004-09-30 16:29 EDT by Daniel Walsh
Modified: 2013-07-02 19:02 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-10-26 12:20:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Daniel Walsh 2004-09-30 16:29:38 EDT
From: Thomas Bleher <bleher@informatik.uni-muenchen.de>
To: Daniel J Walsh <dwalsh@redhat.com>
Cc: SELinux <SELinux@tycho.nsa.gov>
Subject: Re: Out of curiosity looking for suid apps without special
context on FC3

* Daniel J Walsh <dwalsh@redhat.com> [2004-09-30 22:08]:

>> These are the files that do not have special context associated with 
>> them but are suid on FC3. 
>> /usr/lib/mc/cons.saver->system_u:object_r:lib_t

This program is used to save output of previous run programs when
Midnight Commander is run in text mode on the Linux console (you can
toggle to it with C-o)
Nice functionality but not really essential. On Debian and strict SuSE
config the file has mode 0755.
Even though I use mc a lot I hadn't noticed till now so a case can
probably be made to remove the suid bit.

Comment 1 Leonard den Ottolander 2004-10-01 19:46:32 EDT
I disagree. This is very useful behaviour.
Comment 2 Jindrich Novy 2004-10-03 02:40:02 EDT
Hi Dan,
the cons.saver is suid vcsa because it has to have an access to
/dev/vcsa* in order to save console screen contents. It should be suid
vcsa. Should we add something in file_contexts to fix this?
Comment 3 Daniel Walsh 2004-10-04 09:48:51 EDT
Yes we will need a policy written for it to allow it to read /dev/vcsa*.
It will not work in a strict policy machine.

It will work fine with targetet policy.

Comment 4 Leonard den Ottolander 2004-10-04 10:09:52 EDT
Upstream will probably soon merge the vcsa patch.

I would say let's close this bug WONTFIX.
Comment 5 Jindrich Novy 2004-10-04 10:44:38 EDT
Leonard, is there any time estimation for that?
Comment 6 Leonard den Ottolander 2004-10-04 11:06:06 EDT
I wish I could give you one ;-) . Two items on the TODO list of which
one is probably fixed. The vcsa patch has lingered a bit but should be
merged within a couple of days (and before 4.6.1). This *could* be
done in 2/3 weeks, but I can't say for sure.

When the UTF-8 fixes are ready is harder to say. I have no idea when
Vladimir will get to them. Of course somebody else could fix them
before he does, but I don't see that happen.
Comment 7 Leonard den Ottolander 2004-10-26 12:20:31 EDT
On RHL this file has been suid vcsa for quite a while. This patch has
now been merged upstream.

This will not get fixed. Hence closing WONTFIX.

Note You need to log in before you can comment on or make changes to this bug.