Hello, first: two other candidate to fix for 10.2 I missed yesterday - both have the fix already included: https://bugzilla.novell.com/show_bug.cgi?id=190084 apparmor.vim missing The apparmor syntax highlighting file for vim is missing (was removed in 10.1 because it was terribly outdated). I have updated and fixed it. (well, vim syntax profiles can cause real headache...) The working file is attached to the bugreport. It simply needs to be added to the vim package. (Not sure if the assignee is the correct one.) https://bugzilla.novell.com/show_bug.cgi?id=188068 pin -v 100 foo tries to "su 100" ("su $2") The description says it all, and the fix is available. (Martin?) second: Am Montag, 6. November 2006 10:36 schrieb Marcus Meissner:
On Mon, Nov 06, 2006 at 10:31:04AM +0100, Christoph Thiel wrote:
On Sun, Nov 05, 2006 at 08:32:57PM +0100, Christian Boltz wrote:
https://bugzilla.novell.com/show_bug.cgi?id=216485 zypp-checkpatches-wrapper does not get the suid-root bit if running with permissions.secure. This makes opensuse-updater unuseable. [...] You likely do not want users to be able to run system administrator tasks in "secure" mode at all, without root password protection.
Hmm, zen-updater runs with permissions.secure in 10.1 [1] - and even grants _permanent_ permissions once one has entered the root password. Since I didn't install any updates with opensuse-updater yet: how does it handle installing updates? Does it ask for the root password every time when installing packages (as susewatcher did)? (If yes, I would consider it more secure than zen-updater.)
It should probably not start opensuse-updater then.
Not starting the updater at all isn't a solution also because not installing updates will make the system insecure over time. (Yes, I know that there's a difference bitween "installing updates" and "being notified about updates" - but it's easy to "forget" to run the update when nothing notifies you...) To sum it up: - being notified about updates should be available independend of the permissions.* level (I don't see that this could cause any harm because a user could also check the RPM database for outdated packages ;-) - missing notification could cause security problems (if nobody installs the fixed packages) - installing updates should require the root password (maybe permissions.easy could be an exception) If you really don't change your decision here, I foretell that this will become a FAQ for 10.2 ;-) Regards, Christian Boltz PS @ Christoph: regarding bug 171082: sorry, I only speak german, english, pfälzisch, bash, php, perl, (my)sql and HTML - but not ycp :-( [1] dunno for 10.2 - I uninstalled it ;) -- Wenn Du Dich weiter doof stellst, dann: Warning: loading builtin philipp-cool-down.dll. Couldn't be loaded! Expect trouble!!! [Philipp Zacharias in suse-linux] --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org