
Bug 384607

Summary: x11-misc/colord: bump to 0.1.12 and run as non-root user
Product: Gentoo Linux
Reporter: Alexandre Rostovtsev (RETIRED) <tetromino>
Component: [OLD] GNOME
Assignee: Gentoo Linux Gnome Desktop Team <gnome>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   

Description Alexandre Rostovtsev (RETIRED) gentoo-dev 2011-09-27 06:19:55 UTC
colord-0.1.11 and below run as root and automatically probe for color profile files in external volumes. Since this is hardly an example of great security practices, in 0.1.12 upstream added the ability to run the colord daemon as a non-root user and to prevent the colord process from reading external volumes. I believe that we should follow Debian's example and make use of both of these security features.

One potential issue is that users who ran colord-0.1.11 (as root) and modified their systemwide color management settings will have various color management configs in /var that belong to root:root.

Fortunately, due to an oversight about how colord configure interprets $localstatedir, our <=colord-0.1.11 packages used /var/lib/lib/colord and /var/lib/lib/color as the config directories. We can thus switch to /var/lib/colord and /var/lib/color for 0.1.12 and direct the user to cp and chown his customized settings from /var/lib/lib by a message in pkg_postinst().

See http://git.overlays.gentoo.org/gitweb/?p=proj/gnome.git;a=tree;f=x11-misc/colord for the colord-0.1.12 ebuild currently in the overlay.
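The copy-and-chown migration described in this report, followed by an ownership check, as an added example; it is not code from the ebuild or from upstream. The function names and the owner argument are assumptions, since the report does not name the account the daemon runs as.

```shell
#!/bin/sh
# Added example. The directory names (colord, color) and the old and new
# base paths come from the bug report; the owner is supplied by the caller.

# Print every entry under DIR that is not owned by USER (name or numeric
# uid). Empty output means the non-root daemon owns all of its state.
list_wrong_owner() {
    [ -d "$1" ] || return 0
    find "$1" ! -user "$2" -print
}

# Copy OLD_BASE/{colord,color} into NEW_BASE/{colord,color} and hand the
# copies to OWNER (user:group). Files with the same name are overwritten.
migrate_colord_state() {
    old_base=$1
    new_base=$2
    owner=$3
    for name in colord color; do
        src=$old_base/$name
        dst=$new_base/$name
        # Skip a missing source and refuse a symlinked source directory.
        [ -d "$src" ] && [ ! -L "$src" ] || continue
        mkdir -p "$dst" || return 1
        # -R recurse, -P copy symlinks as links, -p keep modes and times.
        cp -RPp "$src/." "$dst/" || return 1
        # -h changes a symlink itself, never the file it points at, so a
        # root-run chown cannot be redirected outside the state directory.
        chown -R -h "$owner" "$dst" || return 1
    done
    return 0
}

# Usage as root, with "colord:colord" standing in for the real account:
#   migrate_colord_state /var/lib/lib /var/lib colord:colord
#   list_wrong_owner /var/lib/colord colord
```

Any path printed by `list_wrong_owner` after the migration is a file the unprivileged daemon may be unable to update.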
Comment 1 Pacho Ramos gentoo-dev 2011-09-28 11:40:32 UTC
+*colord-0.1.12 (28 Sep 2011)
+
+  28 Sep 2011; Pacho Ramos <pacho@gentoo.org> +colord-0.1.12.ebuild:
+  Version bump that also runs as a different user than root. Thanks a lot to
+  Alexandre Rostovtsev for doing all the work (bug #384607).
+
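Review bot: The entry text "Version bump that also runs as a different user than root" leaves out the state-directory change this bug describes, from /var/lib/lib/colord and /var/lib/lib/color to /var/lib/colord and /var/lib/color. Consider adding a line that names the new directories and notes that settings saved under <=0.1.11 remain owned by root:root until they are copied and chowned, so the ChangeLog matches the pkg_postinst() message proposed in the description.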