Re: Review request: svgalib

From: Hans de Goede
Date: Fri, 01 Jul 2005 22:25:15 +0200

Bill Nottingham wrote:
> Hans de Goede ([email protected]) said:
>> Differences from the last try:
>> - Upstream has reintroduced suid root use in 1.9.20 as an alternative to
>>  the helper-kernel-module. This allows us to build a sane (kernel
>>  module free) package of the 1.9 (devel) versions. The 1.4 (stable)
>>  versions haven't seen an update in ages and don't support most modern
>>  cards -> Update to the latest upstream devel release 1.9.21.
>
> Um, *ewww*. Excesses of setuid binaries just seems bad.

If it ain't broken, don't fix it :)
svgalib apps are pretty safe as long as they are coded correctly:

int main(...)

vga_init will mmap parts of /dev/mem and do an iopl(3), followed by dropping all privileges.

Also many distros (Debian and others) still ship 1.4.3 which works the same way and RedHat has also shipped svgalib in this mode for a long time.

There have been serious bugs in both svgalib and apps using it, but those have all been fixed and no new ones have come up for a while.

I currently don't have any plans to add svgalib-using apps to Fedora-Extras, so no suid binaries will be added by me :) I use svgalib for some projects of my own which I unfortunately can't add to Fedora-Extras. So there may never be apps in Fedora-Extras using svgalib, although I hope having svgalib available will inspire others to add apps; it will at least make this a whole lot easier. I wanted a package of svgalib since I've come to dislike manually installed sw, and now that I've taken the time to create one I might as well share it.

Once some apps have been added we can see if the suid stuff is a real concern and if so switch to the helper-kernel-module setup, with all the package maintainer problems this adds.
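
Added example, not part of the original message and not svgalib code: a sketch of what a permanent, verified privilege drop looks like in a setuid-root program once its privileged setup is done. The function name drop_privileges is hypothetical, and the placement right after vga_init() is an assumption based on the description above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up setuid-root privileges.
 * Returns 0 when the process can no longer act as root, -1 otherwise.
 * Note: mappings and I/O port access obtained before this call are not
 * revoked by the uid change; only the ability to act as uid 0 is. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* the invoking user */
    gid_t rgid = getgid();

    /* Group first: once uid 0 is gone, changing the gid is not permitted. */
    if (setgid(rgid) != 0)
        return -1;

    /* On Linux, with euid 0, setuid() replaces the real, effective and
     * saved uid together, so no saved uid 0 is left to switch back to. */
    if (setuid(ruid) != 0)
        return -1;

    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* Verify the drop is irreversible: a leftover saved uid of 0 would
     * let one of these calls succeed. Skipped when the invoker is root. */
    if (ruid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return -1;

    return 0;
}

int main(void)
{
    /* Assumption: the privileged setup (for svgalib, vga_init()) ran here. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "could not drop privileges, aborting\n");
        return EXIT_FAILURE;
    }
    printf("uid %ld, euid %ld\n", (long)getuid(), (long)geteuid());
    return EXIT_SUCCESS;
}
```

A setuid program should treat a non-zero return here as fatal and exit before touching any user-controlled input.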



