Menu

#2147 Build warnings on 2019.1

2019.1
New
nobody
Security (1)
Low
2024-10-23
2019-09-28
Luigi Baldoni
No

Building FlightGear 2019.1 on openSUSE Tumbleweed.
rpmlint issues these warnings at the end and I thought you should know:

FlightGear.x86_64: I: binary-or-shlib-calls-gethostbyname /usr/bin/JSBSim
FlightGear.x86_64: I: binary-or-shlib-calls-gethostbyname /usr/bin/fgcom
FlightGear.x86_64: I: binary-or-shlib-calls-gethostbyname /usr/bin/fgfs
The binary calls gethostbyname(). Please port the code to use getaddrinfo().

FlightGear.x86_64: W: missing-call-to-setgroups-before-setuid /usr/bin/fgfs
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this means it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem.

Discussion

  • James Turner

    James Turner - 2019-10-01

    Thanks for reporting these, I will pass the info to the developer list.

     

  • xDraconian

    xDraconian - 2019-12-28
    • labels: --> Security
     

  • ranguli

    ranguli - 2024-10-21

    Given that this issue affects a now-unsupported version of FlightGear, it should probably be closed unless someone is able to reproduce it on a current release?

     

  • Luigi Baldoni

    Luigi Baldoni - 2024-10-23

    No change in 2020.3.19

    FlightGear.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/fgfs
This executable is calling setuid and setgid without setgroups or initgroups.
This means it didn't relinquish all groups, and this would be a potential
security issue.

FlightGear.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/bin/JSBSim
FlightGear.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/bin/fgcom
FlightGear.x86_64: W: binary-or-shlib-calls-gethostbyname /usr/bin/fgfs
The binary calls gethostbyname. Please port the code to use getaddrinfo.
     

Log in to post a comment.