From: Thomas Bleher <bleher.de>
To: Daniel J Walsh <dwalsh>
Cc: SELinux <SELinux.gov>
Subject: Re: Out of curiosity looking for suid apps without special context on FC3

* Daniel J Walsh <dwalsh> [2004-09-30 22:08]:
>> These are the files that do not have special context associated with
>> them but are suid on FC3.
>>
>> /usr/lib/mc/cons.saver->system_u:object_r:lib_t

This program is used to save output of previous run programs when Midnight Commander is run in text mode on the Linux console (you can toggle to it with C-o). Nice functionality but not really essential. On Debian and strict SuSE config the file has mode 0755. Even though I use mc a lot I hadn't noticed till now so a case can probably be made to remove the suid bit.

Thomas
I disagree. This is very useful behaviour.
Hi Dan, the cons.saver is suid vcsa because it has to have access to /dev/vcsa* in order to save console screen contents. It should be suid vcsa. Should we add something in file_contexts to fix this?
Yes, we will need a policy written for it to allow it to read /dev/vcsa*. It will not work in a strict policy machine. It will work fine with targeted policy. Dan
Upstream will probably soon merge the vcsa patch. I would say let's close this bug WONTFIX.
Leonard, is there any time estimate for that?
I wish I could give you one ;-). Two items on the TODO list of which one is probably fixed. The vcsa patch has lingered a bit but should be merged within a couple of days (and before 4.6.1). This *could* be done in 2/3 weeks, but I can't say for sure. When the UTF-8 fixes are ready is harder to say. I have no idea when Vladimir will get to them. Of course somebody else could fix them before he does, but I don't see that happening.
On RHL this file has been suid vcsa for quite a while. This patch has now been merged upstream. This will not get fixed. Hence closing WONTFIX.