https://bugzilla.novell.com/show_bug.cgi?id=381845 User jkupec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=381845#c3 --- Comment #3 from Ján Kupec 2008-04-21 07:47:29 MST --- I'm not sure if that is a good idea. Keep in mind that this happens only if rpm is used manually (or via non-libzypp-based tool). You just do zyper refresh as root once and problems solved. User's who don't play with rpm will not be annoyed at all, and for people who do, this is not such a problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=381845 User jkupec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=381845#c5 Ján Kupec changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tgoettlicher@novell.com Status|ASSIGNED |NEEDINFO Info Provider| |zypp-maintainers@forge.provo.novell.com --- Comment #5 from Ján Kupec 2008-04-22 05:44:41 MST --- Yes, you're right. Marking as duplicate and asking the unanswered question here: Hm.. i don't think there is any good way out of this. The error message corretly says what needs to be done and that's probably the best we can do - we just need a @System.solv file up to date with rpmdb... and you can't get it as non-root. A solution might be to create the @System.solv file as a tpmfile if its proper location can't be written to and use that one. I'm not sure if it is worth the effort. (Note that once the updater-applets will use the suid wrapper to do the refresh, they should not be hit by this again) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=381845 User jkupec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=381845#c7 --- Comment #7 from Ján Kupec 2008-04-22 05:50:01 MST --- In case you wonder what the question is... :O) What do you think of comment #5 paragraph 3 and comments #2 and #3? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=381845 User ma@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=381845#c9 --- Comment #9 from Michael Andres 2008-04-22 07:08:09 MST --- No suid. If a sysadmin want's to allow (all) users to refresh an outdated cache, then he could set drwxrwxr_x 3 root users 4096 2008-04-15 11:43 /var/cache/zypp/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=381845 User jkupec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=381845#c11 Ján Kupec changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jkupec@novell.com --- Comment #11 from Ján Kupec 2008-04-22 16:31:44 MST --- (In reply to comment #9 from Michael Andres)

No suid. If a sysadmin want's to allow (all) users to refresh an outdated cache, then he could set

drwxrwxr_x 3 root users 4096 2008-04-15 11:43 /var/cache/zypp/

Then we would need to ship libzypp with such permissions on this dir - think of the updater applets - they need to do refresh. They use a suid wrapper to do it. (In reply to comment #8 from Ludwig Nussel)

What really worries me now is that you want to include this in a setuid program. That's highly dangerous if a shell is involved.

We do it since ages, but there was no shell involved until now.

Please submit any changes in that regard to the security-team for review!

OK -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=381845 User matz@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=381845#c13 Michael Matz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |matz@novell.com --- Comment #13 from Michael Matz 2008-04-29 12:13:18 MST --- Not for rpmdb2solv actually. There the shell comes only from the system() call. It's necessary for the output redirection there. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=381845 User dmacvicar@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=381845#c15 Duncan Mac-Vicar changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #15 from Duncan Mac-Vicar 2008-08-19 09:01:34 MDT --- This bug does not apply anymore. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.