Request 532014 (accepted)

This request supersedes: request 526539 (Show diff)

Overview

Request 532014 accepted

Plasma 5.11.0

Created by luca_b over 6 years ago
In state accepted
Supersedes 526539

Submit drkonqi5

Comments for request 532014 0
Comments for request 526539 5

Dominique Leuenberger (dimstar) - over 6 years ago

reviewer

drkonqi5.x86_64: W: missing-call-to-setgroups-before-setuid /usr/lib64/libexec/drkonqi

maybe something to bring to upstream

Fabian Vogt (Vogtinator) - over 6 years ago

author reviewer source maintainer

If I understand the issue correctly, this is a false positive. The call to setgid is literally the first line in main so it's not possible to gain any supplementary groups that would need relinquishing. Maybe an -rpmlintrc file should be added?

Dominique Leuenberger (dimstar) - over 6 years ago

reviewer

interesting; thanks for looking into it.

a rpmlintrc would a bandaid - would be even nicer to find out why rpmlint comes to this conclusion and fix it right there (can be via bug report to the rpmlint maintainer)

Jan Engelhardt (jengelh) - over 6 years ago

reviewer

rpmlint's tests are basically overzealous and overjealous. You can observe it in another instance "libreoffice: shared library policy not respected".

Jan Engelhardt (jengelh) - over 6 years ago

reviewer

Depends. Because there is no setgroups call, the process may retain permissions that the remainder of the code did not expect to have. Equally, if there was a setgroups call, it may give the code more permissions than the developer intended, if there are negative ACLs somewhere in the filesystem (much rarer than the first case).