Review request: svgalib
Hans de Goede
j.w.r.degoede at hhs.nl
Fri Jul 1 20:25:15 UTC 2005
Bill Nottingham wrote:
> Hans de Goede (j.w.r.degoede at hhs.nl) said:
>
>>Differences from the last try:
>>- Upstream has reintroduced suid root use in 1.9.20 as an alternative to
>> the helper-kernel-module. This allows us to build a sane (kernel
>> module free) package of the 1.9 (devel) versions. The 1.4 (stable)
>> versions haven't seen an update in ages and don't support most modern
>> cards -> Update to the latest upstream devel release 1.9.21 .
>
>
> Um, *ewww*. Excesses of setuid binaries just seems bad.
>
If it aint broken don't fix it :)
svgalib apps are pretty safe as long as they are coded correctly:
int main(...)
{
vga_init();
...
...
}
vga_init will mmap parts of /dev/mem and do an iopl(3), followed by
dropping all priviliges.
Also many distros (Debian and others) still ship 1.4.3 which works the
same way and RedHat has also shipped svgalib in this mode for a long time.
There have been serious bugs in both svgalib and apps using it, but
those have all been fixed and no new ones have come up for a while.
I currently don't have any plans to add svgalib using apps to
Fedora-Extras, so no suid binaires will be added by me :) I use svgalib
for some projects of my own which I unfortunatly can't add to
fedora-extras. So there may never be apps in Fedoro-Extras using
svgalib, although I hope having svgalib available will inspire others to
add apps, it will atleast make this a whole lot easier. I wanted a
package of svgalib since I've become to dislike manual installed sw, and
now that I've taken the time to create one I might as well share it.
Once some apps have been added we can see if the suid stuff is a real
concern and ifso switch to the helper-kernel-module setup, with all the
package maintainer problems this adds.
Regards,
Hans
More information about the fedora-extras-list
mailing list