@eclairevoyant
AFAIK $subver
is merely a build tag and not part of the advertised version.
I do not understand how adding a SUID bit decreases the attack surface.
Git Clone URL: | https://aur.archlinux.org/zoom.git (read-only, click to copy) |
---|---|
Package Base: | zoom |
Description: | Video Conferencing and Web Conferencing Service |
Upstream URL: | https://zoom.us/ |
Keywords: | call conference meeting video |
Licenses: | LicenseRef-zoom |
Submitter: | edh |
Maintainer: | edh |
Last Packager: | edh |
Votes: | 650 |
Popularity: | 9.29 |
First Submitted: | 2015-08-15 13:18 (UTC) |
Last Updated: | 2024-06-19 13:04 (UTC) |
« First ‹ Previous 1 .. 9 10 11 12 13 14 15 16 17 18 19 .. 68 Next › Last »
@eclairevoyant
AFAIK $subver
is merely a build tag and not part of the advertised version.
I do not understand how adding a SUID bit decreases the attack surface.
What's the reasoning to split out $pkgver
and $subver
? Why not just use the upstream version directly in $pkgver
?
BTW @hawath hardening != security; hardening is reducing the attack surface but not inherently decreasing the impact of said vulns. See https://bbs.archlinux.org/viewtopic.php?id=254868, https://lists.debian.org/debian-kernel/2020/03/msg00242.html, https://serverfault.com/questions/939455/unprivileged-userns-clone-no-such, and https://lists.debian.org/debian-kernel/2022/11/msg00258.html for context.
@hawath I am a bit confused as to why this would make zoom more secure. Setting the SUID bit seems like it would be easier to escalate privileges. Can you elaborate a little?
Hi: Would you consider adding this line to the PKGBUILD? This is for those users who have set kernel.unprivileged_userns_clone=0 (this is the case for linux-hardened kernel). I raise this because this is from the official electron package.
Thanks, Hawath
I'm not sure whether this is a packaging issue but with recent updates (last few months) SSO does not work properly anymore. After entering the subdomain for sso (e.g. <yourcompany> for <yourcompany>.zoom.us) the opened link opens up with <yourcompany>/foobar instead of the proper <yourcompany>.zoom.us/foobar Manually adjusting the SSO link to be in the latter format fixes it.
@kuzyn: Read this: https://community.zoom.com/t5/Meetings/An-empty-folder-created-in-Ubuntu/m-p/69059
Apparently, when XDG_DOWNLOAD_DIR
in $HOME/.config/user-dirs.dirs
is set to an "unsafe" directory, Chrome CEF decides to create $HOME/Downloads
instead.
Setting XDG_DOWNLOAD_DIR
in $HOME/.config/user-dirs.dirs
to a directory inside my $HOME
directory (e.g. $HOME/downloads
) helped, so Zoom is no longer creating the annoying Downloads
folder.
Would love to know if someone has found a way to specify the downloads directory, either via zoomus.conf
or env var. Default is $USER/Downloads
.
PSA, the prebuild package is available at https://build.kilabit.info/aur .
A short heads-up in case you did not receive Zoom's notification:
Zoom's rpm packages are signed with a GPG key. For releases after Nov 02, 2022 the Linux and Docker GPG signature thumbprint will change from "Key fingerprint: 3960 60CA DD8A 7522 0BFC B369 B903 BF18 61A7 C71D" to "Key fingerprint: 59C8 6188 E22A BB19 BD55 4047 7B04 A1B8 DD79 B481".
Their package signing PGP key may be downloaded from https://zoom.us/download?os=linux, direct link to the new key is https://zoom.us/linux/download/pubkey?version=5-12-6
Any idea why there's no blur option and cannot use virtual background without green screen? Do I need to install any package?
Pinned Comments
a172 commented on 2022-06-13 14:25 (UTC) (edited on 2022-06-13 14:25 (UTC) by a172)
@edh - That's not the answer I was hoping for (I was really hoping we could get it to launch without xwayland), but at least I know I'm not missing something.
Some
~/.config/zoomus.conf
updates:qt5-webengine
installed, and theebeddedBrowserForSSOLogin
line doesn't exist in my configzoomus.conf
. SSO login works just fine (issues with Firefox containers aside).pipewire-pulse
.system.audio.type
defaulted toalsa
for me (or I changed it without realizing it). I probably could have installedpipewire-alsa
and fixed my issues, but I setsystem.autio.type=pulse
(a lucky guess) and this worked. This should work for anyone using straight PulseAudio as well.If anyone finds documentation on
~/.config/zoomus.conf
, please let us know.edh commented on 2016-08-26 11:03 (UTC) (edited on 2017-03-09 10:48 (UTC) by edh)