The zhcon package was added to FC6 and FC7 extra recently. But there
is
a issue of it that we may need to notice.
Because it need to access /dev/fb0 and so on, it need the setuid
permission, so normal users can use it too. This bring the security
risk. But for users' convenience, I didn't remove this setuid
permission.
It is still better don't install zhcon by default. Let's user install it
manually.
Maybe we can use ACL to controll this?
Shouldn't pam set the framebuffer owner to the current console user? When
I look at the /dev/fb0 permissions on my system I see this:
% ls -l /dev/fb0
crw------- 1 bress root 29, 0 Apr 3 07:53 /dev/fb0
There should be no need to give zhcon the setuid bit as I already have the
permissions I need.
--
JB