Bug 203839 - console perms
console perms
Product: Fedora
Classification: Fedora
Component: jfbterm (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Mamoru TASAKA
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2006-08-23 18:18 EDT by Paul F. Johnson
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-09-16 11:07:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Paul F. Johnson 2006-08-23 18:18:51 EDT
Description of problem:

Could you please review your spec file in light of the thread on the
fedora-security list?


It seems that the console perms bit should be removed.
Comment 1 Mamoru TASAKA 2006-08-23 21:48:34 EDT
The binary (/usr/bin/jfbterm) really don't work without
* using sticky bit (like /usr/bin/kon in kon2 rpm) OR
* using console.perms method OR
* maybe using pam or consolehelper.
Without these, jfbterm fails with the error like
exec : /bin/bash can't open /dev/console

I don't know the whole mechanism of this package, however,
this binary (/usr/bin/jfbterm) needs device access for
/dev/console and /dev/tty0 .
When using console.perms method, the description in
60-jfbterm.perms is not redundant because
* the entry for /dev/console in 50-default.perms is only valid
  when logging in with GUI because /dev/console is managed by
  <xconsole>. The important purpose of jfbterm is to display
  multibyte characters on CUI , not when logging in with GUI
  (however, jfbterm seems to work with GUI). 
* Also, 50-default.perms don't have the entry for /dev/tty0.

The easiest way to deal with this is to set sticky bit on
jfbterm as 4755, however, without using it, the reasonable way
to use jfbterm is to use console.perms method.
IMO, using pam of consolehelper is nearly equal to use sticky
bit because jfbterm needs root authority without using console.perms
Comment 2 Mamoru TASAKA 2006-08-23 21:52:38 EDT

I meant IMO, using pam OR consolehelper is nearly equal to using
sticky bit ....

By the way, some error may have happened. Paul, could you receive
the previous mail of my comment?
Comment 3 Paul F. Johnson 2006-08-24 10:03:37 EDT
Yep, I've seen both of these postings via email.

Okay, would you mind desperately if I post this BZ ref onto the security 
mailing list? I'm not happy with the sticky 4755 and while I agree with what 
you've put (I can see the logic), I'd prefer the Fedora Security chaps to have 
a look.
Comment 4 Mamoru TASAKA 2006-08-24 10:30:20 EDT
(In reply to comment #3)
> Okay, would you mind desperately if I post this BZ ref onto the security 
> mailing list? 

No problem. Today I began to subscribe to fedora-security list and
now I can add some comments to the thread written in your 
(first) bug report when needed if you post this BZ ref.
Comment 5 Mamoru TASAKA 2006-09-08 06:52:02 EDT
Well, may I close this bug as NOTABUG for now?
Comment 6 Mamoru TASAKA 2006-09-16 11:07:29 EDT
For now I close this bug as NOTABUG.

Note You need to log in before you can comment on or make changes to this bug.