[Bug 825262] New: Security Review requested due to suse-dbus-unauthorized-service, polkit-untracked-privilege and polkit-cant-acquire-privilege
https://bugzilla.novell.com/show_bug.cgi?id=825262 https://bugzilla.novell.com/show_bug.cgi?id=825262#c0 Summary: Security Review requested due to suse-dbus-unauthorized-service, polkit-untracked-privilege and polkit-cant-acquire-privilege Classification: openSUSE Product: openSUSE Factory Version: 13.1 Milestone 1 Platform: All OS/Version: SUSE Other Status: NEW Severity: Critical Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: tittiatcoke@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 The nepomuk libraries have been greatly enhanced with KDE 4.11 and contains now several utilities which can scan and index files. However as the new utilities are directly accessing the files, some additional requirements are required. Executing rpmlint on the package now indicates: [ 293s] nepomuk-core.x86_64: W: suse-dbus-unauthorized-service /usr/share/dbus-1/system-services/org.kde.nepomuk.filewatch.service [ 293s] nepomuk-core.x86_64: W: suse-dbus-unauthorized-service /etc/dbus-1/system.d/org.kde.nepomuk.filewatch.conf [ 293s] The package installs a DBUS system service file. If the package is intended [ 293s] for inclusion in any SUSE product please open a bug report to request review [ 293s] of the service by the security team. [ 293s] [ 293s] nepomuk-core.x86_64: I: polkit-untracked-privilege org.kde.nepomuk.filewatch.raiselimit (??:no:auth_admin_keep) [ 293s] The privilege is not listed in /etc/polkit-default-privs.* which makes it [ 293s] harder for admins to find. If the package is intended for inclusion in any [ 293s] SUSE product please open a bug report to request review of the package by the [ 293s] security team [ 293s] [ 293s] nepomuk-core.x86_64: I: polkit-cant-acquire-privilege org.kde.nepomuk.filewatch.raiselimit (??:no:auth_admin_keep) [ 293s] Usability can be improved by allowing users to acquire privileges via [ 293s] authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define [ 293s] 'allow_any'. This is an issue only if the privilege is not listed in /etc [ 293s] /polkit-default-privs.* Also here an rpmlintrc file is current in effect to enable the build of the depend packages. We would like to submit this to Factory as soon as possible Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c1
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c2
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c3
--- Comment #3 from Thomas Biege
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c4
--- Comment #4 from Raymond Wooninck
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c5
--- Comment #5 from Raymond Wooninck
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c6
--- Comment #6 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c7
--- Comment #7 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c8
--- Comment #8 from Thomas Biege
Any update on this bug request ? As indicated we have Beta 2 now in KDF, but still not able to submit it to Factory.
Just go ahead, green light from us at the moment. We will review it and if it causes trouble we will let you know. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c
Alexander Bergmann
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c9
--- Comment #9 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c10
--- Comment #10 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c11
--- Comment #11 from Alexander Bergmann
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c12
Alexander Bergmann
https://bugzilla.novell.com/show_bug.cgi?id=825262
https://bugzilla.novell.com/show_bug.cgi?id=825262#c13
Marcus Meissner
participants (1)
-
bugzilla_noreply@novell.com