|Summary:||app-misc/beep no longer supports setuid/setgid, should drop "suid" USE flag support|
|Product:||Gentoo Linux||Reporter:||Michael Yagliyan <burnsmellfactory>|
|Component:||Current packages||Assignee:||Gentoo Shell Tools Herd Bugs <shell-tools>|
|Severity:||normal||CC:||burnsmellfactory, chain, fturco, jstein, mail, sam|
|Package list:||Runtime testing required:||---|
Description Michael Yagliyan 2020-04-08 21:40:14 UTC
See https://github.com/spkr-beep/beep/blob/master/PERMISSIONS.md. Due to recent security bugs, beep now aborts immediately if run setuid or setgid: beep: Error: Running setuid or setgid, which is not supported for security reasons. beep: Error: Set up permissions for the pcspkr evdev device file instead. (and it exits with status 1) I'm not sure which upstream version introduced this change, but I encountered it after upgrading from app-misc/beep-1.3-r3 to 1.4.9. The ebuild for 1.4.9 still supports the suid USE flag, and sets the setuid bit on the binary if the USE flag is enabled. At a bare minimum it should drop that support and stop setting setuid/setgid. An even better solution would be if the ebuild optionally setup a "beep" group (or call it whatever) and the device permissions, as recommended on that PERMISSIONS.md page, so that the end user wouldn't have to do all that manually.
Comment 1 Maciej S. Szmigiero 2020-11-01 19:54:19 UTC
As Michael stated, the replacement for "suid" USE flag is an appropriate udev rule file. The package upstream even suggests a few.
Comment 2 Larry the Git Cow 2021-09-23 08:20:26 UTC
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51db2842c8c2c925a6c0d7c7875949e94afa9d6f commit 51db2842c8c2c925a6c0d7c7875949e94afa9d6f Author: Alessandro Barbieri <email@example.com> AuthorDate: 2021-02-22 01:02:52 +0000 Commit: Michał Górny <firstname.lastname@example.org> CommitDate: 2021-09-23 08:17:03 +0000 app-misc/beep: capabilities added, suid removed Closes: https://bugs.gentoo.org/716734 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Alessandro Barbieri <email@example.com> Closes: https://github.com/gentoo/gentoo/pull/19588 Signed-off-by: Michał Górny <firstname.lastname@example.org> app-misc/beep/beep-1.4.9-r1.ebuild | 57 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+)