[Bug 201170] Review Request: jfbterm - Japanese Console for Linux Frame Buffer Device

bugzilla at redhat.com bugzilla at redhat.com
Sun Aug 20 12:21:20 UTC 2006 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: jfbterm - Japanese Console for Linux Frame Buffer Device


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201170





------- Additional Comments From mtasaka at ioa.s.u-tokyo.ac.jp  2006-08-20 08:11 EST -------
Before fixing spec file:

(In reply to comment #23)
> Builds fine normally and rpmlint is clean. I am a tad concerned with this
> snippet though and have asked for advice on it. There may be both a security and
> SELinux implication with it.
> 
> 8-->
> %{__cat} > 60-jfbterm.perms <<EOF
> # permission definitions
> <console> 0660 /dev/tty0    0660 root
> <console> 0600 /dev/console 0600 root
> EOF
> 
> %{__mkdir_p} -m 755 %{buildroot}%{_sysconfdir}/security/console.perms.d
> %{__install} -m 644 60-jfbterm.perms \
>    %{buildroot}%{_sysconfdir}/security/console.perms.d/
> <--8
> 
> 
> Very unsure
> Security implications (detailed above)

This application (/usr/bin/jfbterm) needs device access right for
/dev/console and /dev/tty0. So usual compilation of jfbterm
sets sticky bit on /usr/bin/jfbterm, with the permission 4755 like
/usr/bin/kon (in kon2-0.3.9b-26.2.1 rpm) With stilly bit, installing
60-jfbterm.perms is not necessary.
Note: kon cannot deal with frame buffer.
Note: pam has /etc/security/console.perms.d/50-default.perms

Original packager (Hideki Machida) and me concluded that it may be
better that we use console.perms method than use sticky bit.
What do you think of this? Umm. I don't know well about SELINUX....

> Are you installing fonts to %{_datadir}/fonts/%{name}? 
jfbterm requires some fonts (in install stage and on the "real use"), 
however, these fonts are actually the copies of fonts in other
packages (in fonts-japanese, xorg-x11-fonts-XXXXX, and fonts-japanese)

Would it be better that I use only the symlink against that fonts?
Doing so requires a bit of trick on install stage.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the Fedora-package-review mailing list