SPECS: kdelibs.spec - R: sperl (for fileshareset and filesharelist...

Sun Feb 17 21:47:32 CET 2008

Dnia sobota 16 luty 2008, Radoslaw Zielinski napisał:
> arvenil <arvenil at pld-linux.org> [01-01-2008 18:40]:
> > Author: arvenil                      Date: Tue Jan  1 18:40:26 2008 GMT
> > Module: SPECS                         Tag: HEAD
> > ---- Log message:
> > - R: sperl (for fileshareset and filesharelist)
> > - release 10
>
> [...]
>
> > +Requires:	sperl
>
> Nope.
>
As far as i remember it requires sperl. Filesharing doesn't work without it. 
It fails and KDE gives wrong clue.
"Sharing folder '/home/users/Arvenil/DOM/pulpit/Nowy katalog' failed.
An error occurred while trying to share 
folder '/home/users/Arvenil/DOM/pulpit/Nowy katalog'. Make sure that the Perl 
script 'fileshareset' is set suid root."
But running this script from command line returns something more verbosive:
# fileshareset --add /home/users/Arvenil/DOM
Can't do setuid (cannot exec sperl)

> Forcing installation of suid root binaries is a bad idea unless really
> necessary. 
True. I didn't know how much unsecure sperl is. Description suggest that it is 
more secure:)

> If these scripts fail badly when it's not
> available, update them to do that gracefully instead.
>
I have propably found other solution. Simple and secure.
Just remove sgid from this scripts;)

--- kdelibs.spec        17 Feb 2008 13:16:52 -0000      1.549
+++ kdelibs.spec        17 Feb 2008 17:48:49 -0000
@@ -462,8 +462,8 @@
 %attr(755,root,root) %{_bindir}/dcopserver_shutdown
 %attr(755,root,root) %{_bindir}/dcopstart
 #%attr(755,root,root) %{_bindir}/ghns
-%attr(2755,root,fileshare) %{_bindir}/filesharelist
-%attr(2755,root,fileshare) %{_bindir}/fileshareset
+%attr(755,root,fileshare) %{_bindir}/filesharelist
+%attr(755,root,fileshare) %{_bindir}/fileshareset
 %attr(755,root,root) %{_bindir}/imagetops
 %attr(755,root,root) %{_bindir}/kaddprinterwizard
 %attr(755,root,root) %{_bindir}/kbuildsycoca

Works like a charm;) This scripts requires just (i hope so) write access 
to /etc/smb.conf and propably /etc/exports. /etc/smb.conf and /etc/exports 
belongs to group fileshare (664). So just add user to group fileshare and 
then you can share you files in KDE. Also file sharing configuration in KDE 
supports adding users to group fileshare.

Argh... i was happy to early. KDE has by default set filesharing to not use 
fileshare group but allow all users to share files (IMO stupid). So without 
sperl this cannot be done.
Also i see that this is now broken even when sperl is installed. When changing 
in KDE configuration to not use filesharing group then KDE change group 
for /etc/smb.conf and /etc/exports to root. Fleshareset has only sgid so it 
fails.
So if we want this working then in KDE way there should be installed sperl and 
fileshareset and filesharelist should have suid (now they have only sgid). 
Changing sgid to suid for filesharelist and fileshareset is allowed?

But as you mention earlier sperl is unsecure so what are other propositions? 
For me this is just broken. This file share feature should allow only sharing 
files for users in group fileshare and it shouldn't change group and 
privileges of /etc/smb.conf and /etc/exports.

BTW i found this[1] on the net ;)
[1] http://www.mail-archive.com/pld-devel-pl@pld-linux.org/msg24787.html

-- 
Regards, Kamil Dziedzic
-- 
Pozdrawiam, Kamil Dziedzic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : /mailman/pipermail/pld-devel-en/attachments/20080217/4fe21731/attachment.sig 
