review qemplayer

wbrana wbrana at gmail.com
Mon Jul 9 12:37:46 UTC 2012


> is it possible for you to "reply" to messages, so threads are kept intact?
> also it would be nice if you could use a more meaningful subject ("my"
> package refer to a number of packages, none of which is qemplayer)
I can't reply to messages because I'm not subscribed to the mailing list
because I don't want to get so many e-mails. I'm reading it using archives.

> if your application is dropping root privileges as soon as it can, it
> still _has_ root privileges at some point. if the binary can be
> compromised in a critical state, this means that an attacker can
> get easy root access to your machine.
How can that binary be compromised?

> you might want to contact the packagers of google chrome and xorg about
> that (and they most likely will either fix the problem or have a very
> good explanation why they need setuid)
chrome is using chroot and other things, which don't work without setuid.
xorg also needs to call functions which don't work without setuid.
chrome and xorg were just examples. There are many setuid apps on Linux.
xorg and many other apps are running as root all the time. It will be much
easier to get root access using these apps than mplayer_nice.

> - pam_limits allows you to fine-tune those privileges on a per-user
> basis. e.g. you can grant access to realtime-priorities, but not to
> reading /etc/passwd or to /dev/null'ing your harddisks.
I will consider it. Will qemplayer be included in Debian if I use
pam_limits?

> is there any specific reason, why you install files into
> /usr/share/doc/qemplayer/ and /usr/share/doc/qemplayer-12.5/?
I don't know why files are installed into /usr/share/doc/qemplayer/.
I'm installing into /usr/share/doc/qemplayer-12.5 because this way is
used on Gentoo.

> all this should go into /usr/share/doc/<packagename>/
I will consider it.
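
The pam_limits alternative quoted above, as an added example that is not part of the original message or of qemplayer's code: a process with no setuid bit reads the RLIMIT_NICE ceiling that pam_limits set for the session and raises its own priority only as far as that ceiling allows. The function names, the `audio` group and the limits.conf line in the comment are assumptions; realtime priority is governed by the separate `rtprio` item and is not covered here.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>

/* Constructed /etc/security/limits.conf entry (group name is an assumption):
 *     @audio  -  nice  -10
 * pam_limits turns this into RLIMIT_NICE = 20 - (-10) = 30 for the session. */

/* Lowest nice value a soft RLIMIT_NICE of `cur` permits. Per getrlimit(2)
 * the ceiling is 20 - rlim_cur; a limit of 0 permits no lowering at all. */
int nice_floor_from_rlimit(rlim_t cur)
{
    if (cur >= 40)              /* also covers RLIM_INFINITY */
        return -20;
    if (cur == 0)
        return 19;
    return 20 - (int)cur;
}

/* Clamp a requested nice value to the valid range and to the limit. */
int clamp_nice(int wanted, rlim_t cur)
{
    int lowest = nice_floor_from_rlimit(cur);
    if (wanted > 19) wanted = 19;
    return wanted < lowest ? lowest : wanted;
}

/* Raise the calling process's priority as far as the limit allows, with no
 * setuid bit involved. Returns the resulting nice value, or 100 on error. */
int raise_priority_unprivileged(int wanted)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NICE, &rl) != 0)
        return 100;
    errno = 0;                  /* -1 is a legal nice value, so check errno */
    int current = getpriority(PRIO_PROCESS, 0);
    if (current == -1 && errno != 0)
        return 100;
    int target = clamp_nice(wanted, rl.rlim_cur);
    if (target >= current)      /* limit grants nothing better */
        return current;
    return setpriority(PRIO_PROCESS, 0, target) == 0 ? target : 100;
}

int main(void)
{
    printf("nice after request for -10: %d\n", raise_priority_unprivileged(-10));
    return 0;
}
```

Because the kernel enforces the ceiling, a bug in the player cannot yield more than the configured priority, whereas a setuid-root binary holds full root until it drops it.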
