Mailinglist Archive: opensuse-factory (528 mails)

< Previous Next >
Re: [opensuse-factory] Permissions and security levels
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Thu, 3 May 2007 07:36:21 +0200
  • Message-id: <20070503053621.GA24978@xxxxxxx>
> > # zypp - allow opensuseupdater to do its job
> > /usr/sbin/zypp-checkpatches-wrapper              root:root   4755
> >
> >
> > Regards,
> >
> > Christian Boltz
> what about a default apparmor wrap on opensuse updater?

It calls /usr/sbin/zypp-checkpatches-wrapper, which would need one
and then it will be quiet difficult to confine this setuid root binary.

In general... The reason the zypp-checkpatches-wrapper is setuid root
is mostly for keeping potential privacy information in the configured
repositories ...

Think user/password pairs for FTP servers, or for SLE the deviceid/secret
pairs.

Also for not doing the download twice, but this could be done in a cron
job.

Ciao, Marcus
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx

< Previous Next >