Description of problem:
Could you please review your spec file in light of the thread on the
It seems that the console perms bit should be removed.
The binary (/usr/bin/jfbterm) really don't work without
* using sticky bit (like /usr/bin/kon in kon2 rpm) OR
* using console.perms method OR
* maybe using pam or consolehelper.
Without these, jfbterm fails with the error like
exec : /bin/bash can't open /dev/console
I don't know the whole mechanism of this package, however,
this binary (/usr/bin/jfbterm) needs device access for
/dev/console and /dev/tty0 .
When using console.perms method, the description in
60-jfbterm.perms is not redundant because
* the entry for /dev/console in 50-default.perms is only valid
when logging in with GUI because /dev/console is managed by
<xconsole>. The important purpose of jfbterm is to display
multibyte characters on CUI , not when logging in with GUI
(however, jfbterm seems to work with GUI).
* Also, 50-default.perms don't have the entry for /dev/tty0.
The easiest way to deal with this is to set sticky bit on
jfbterm as 4755, however, without using it, the reasonable way
to use jfbterm is to use console.perms method.
IMO, using pam of consolehelper is nearly equal to use sticky
bit because jfbterm needs root authority without using console.perms
I meant IMO, using pam OR consolehelper is nearly equal to using
sticky bit ....
By the way, some error may have happened. Paul, could you receive
the previous mail of my comment?
Yep, I've seen both of these postings via email.
Okay, would you mind desperately if I post this BZ ref onto the security
mailing list? I'm not happy with the sticky 4755 and while I agree with what
you've put (I can see the logic), I'd prefer the Fedora Security chaps to have
(In reply to comment #3)
> Okay, would you mind desperately if I post this BZ ref onto the security
> mailing list?
No problem. Today I began to subscribe to fedora-security list and
now I can add some comments to the thread written in your
(first) bug report when needed if you post this BZ ref.
Well, may I close this bug as NOTABUG for now?
For now I close this bug as NOTABUG.