Mailinglist Archive: opensuse-security (24 mails)

< Previous Next >
Re: [opensuse-security] otrs and permissions file
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Tue, 24 Apr 2012 09:00:04 +0200
  • Message-id: <4F964F74.4010102@suse.de>
Christian wrote:
Am 2010-07-21 13:55, schrieb Ludwig Nussel:
Well, if it wasn't the build would abort with an error :-)
Having directories with setgid bits is rather unusual though. Are
you sure it's required?
Yes, it is required.
Now I made a permissions file, which need to be reviewed for acceptance.

https://build.opensuse.org/package/show?package=otrs&project=network%3Aotrs%3ATest
Thank you.

Well, if you want entries in the permissions files in Factory please
file a bug for security-team so the request is documented properly.
However, looking at the permissions file you include it's not acceptable
anyways. You must not package sub-directories in service owned
directories. rpm cannot handle that in a safe way.
Having a 'bin' directory rw by a service user looks immediately
suspicious. Looks like the init script even starts scripts from there
and the init script runs as root!

cu
Ludwig

PS: hostname -f is evil, even more so in a sysconfig file.

--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imend├Ârffer, HRB
16746 (AG N├╝rnberg)
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
References