[Pkg-xfce-devel] Bug#685832: Bug#685832: xfce4-sensors-plugin: xcfe4-sensors-plugin relies on a setuid hddtemp and recommends to setuid it
- Subject: [Pkg-xfce-devel] Bug#685832: Bug#685832: xfce4-sensors-plugin: xcfe4-sensors-plugin relies on a setuid hddtemp and recommends to setuid it
- From: corsac at debian.org (Yves-Alexis Perez)
- Date: Wed, 29 May 2013 20:53:24 +0200
- Message-id: <[🔎] 1369853604.23893.38.camel@scapa>
- In-reply-to: <5037F6E8.3080504@gmail.com>
- References: <5037F6E8.3080504@gmail.com>
On sam., 2012-08-25 at 00:49 +0300, Eddy Petri?or wrote:
> xfce4-sensors-plugin seems to want, although not necessary, to have
> hddtemp
> setuid in the system in order to read the temperature of the HDD. It
> even goes
> to suggest to the user to setuid hddtemp.
>
> But there is an option to fetch hddtemp information without having
> hddtemp
> setuid, to read directly from a local port. This option is now
> disabled at
> buildtime because there is no netcat installed during build.
>
> So I just added netcat as a build depends and the resulting package
> works fine
> and no longer recommends the user the unsafe option of running hddtemp
> setuid.
>
Note that it also silently breaks for users which don't have hddtemp
running as a root daemon, which is not a really nice solution either.
--
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20130529/d344a336/attachment.pgp>
Reply to: