----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/127341/#review93465 -----------------------------------------------------------
Ship it! >The `kcheckpass` binary only needs the SUID bit set when building without PAM. If PAM is available, then there's no point in having a SUID bit set in the first place. This is also how, e.g., Gentoo builds this code anyway. That reasoning isn't entirely true. Now pam_unix includes a suid binary /usr/bin/unix_chkpwd which is doing what this is doing. Older versions (10 years ago) didn't, so at the time we needed this for PAM. However, you're right we don't now. - David Edmundson On March 11, 2016, 2:46 p.m., Jan Kundrát wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/127341/ > ----------------------------------------------------------- > > (Updated March 11, 2016, 2:46 p.m.) > > > Review request for Plasma. > > > Repository: kscreenlocker > > > Description > ------- > > The `kcheckpass` binary only needs the SUID bit set when building > without PAM. If PAM is available, then there's no point in having a SUID > bit set in the first place. This is also how, e.g., Gentoo builds this > code anyway. > > Also change the way how the SUID bits are managed. Turnes out that cmake > has a feature for this, and I think that using this feature is better > than attempting to call chown & chmod manually. > > I don't see a potential for regressions here. The `chown` was previously > attempted as a poor man's UID detection, so if the build was running as > non-root, it wasn't possible to add a proper SUID bit, anyway. > > > Diffs > ----- > > kcheckpass/CMakeLists.txt c7803c96f62c38edf2016c9160b66213dad89949 > > Diff: https://git.reviewboard.kde.org/r/127341/diff/ > > > Testing > ------- > > Builds both ways, and the results are as expected. With PAM, everything also > works even without the suid bit -- and that's how Gentoo at least has been > building this "for ages", AFAIK. > > > Thanks, > > Jan Kundrát > >
_______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
