Comment # 7 on bug 1201385 from
(In reply to Matthias Gerstner from comment #4)
> The change in security context is rather limited here, since the postlog
> program only runs as the postdrop group. So no root privileges are involved.
> 
> The main concern would be that the files owned by the postdrop group could be
> corrupted or could be disclosed, or processes owned by the postdrop group
> could be influenced in a bad way.
> 
> The hardening efforts in the postlog code look pretty good. The command line
> parameters are limited and don't look harmful. Environment variables are
> handled with the required care. In the privilege escalation context no
> environment variables are trusted at all.
> 
> The more or less only purpose of the postlog command is to send log data to
> syslog. The process name used in logging is limited to "postlog" so no
> spoofing should be possible there.
> 
> What can be spoofed is the log message content as such, which is kind of by
> design. Maybe sudoers rules or something like it would have been more
> selective regarding who is actually allowed to log something as postdrop user.
> 
> Still the attack surface is manageable and I agree to whitelist the setgid
> setting in the permissions package.

Thank you.
Will there also be an update of permissions pkg for Leap 15.3 and 15.4?