Description of problem: Could you please review your spec file in light of the thread on the fedora-security list? https://www.redhat.com/archives/fedora-security-list/2006-August/msg00036.html It seems that the console perms bit should be removed.
The binary (/usr/bin/jfbterm) really don't work without * using sticky bit (like /usr/bin/kon in kon2 rpm) OR * using console.perms method OR * maybe using pam or consolehelper. Without these, jfbterm fails with the error like exec : /bin/bash can't open /dev/console I don't know the whole mechanism of this package, however, this binary (/usr/bin/jfbterm) needs device access for /dev/console and /dev/tty0 . When using console.perms method, the description in 60-jfbterm.perms is not redundant because * the entry for /dev/console in 50-default.perms is only valid when logging in with GUI because /dev/console is managed by <xconsole>. The important purpose of jfbterm is to display multibyte characters on CUI , not when logging in with GUI (however, jfbterm seems to work with GUI). * Also, 50-default.perms don't have the entry for /dev/tty0. The easiest way to deal with this is to set sticky bit on jfbterm as 4755, however, without using it, the reasonable way to use jfbterm is to use console.perms method. IMO, using pam of consolehelper is nearly equal to use sticky bit because jfbterm needs root authority without using console.perms anyway.
Oops. I meant IMO, using pam OR consolehelper is nearly equal to using sticky bit .... By the way, some error may have happened. Paul, could you receive the previous mail of my comment?
Yep, I've seen both of these postings via email. Okay, would you mind desperately if I post this BZ ref onto the security mailing list? I'm not happy with the sticky 4755 and while I agree with what you've put (I can see the logic), I'd prefer the Fedora Security chaps to have a look.
(In reply to comment #3) > Okay, would you mind desperately if I post this BZ ref onto the security > mailing list? No problem. Today I began to subscribe to fedora-security list and now I can add some comments to the thread written in your (first) bug report when needed if you post this BZ ref.
Well, may I close this bug as NOTABUG for now?
For now I close this bug as NOTABUG.