Bug ID 1184786
Summary Deduplicate directory ownership with filesystem package
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Basesystem
Assignee screening-team-bugs@suse.de
Reporter dmueller@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Hi, 

checksec pointed out that various directories in our /usr are 0755 while
they're 0555 on Fedora and Red Hat. For more hardened environments this might
make a difference, as it prevents a user "root" that doesn't have DAC_OVERRIDE
permission to no longer write/create files there. 

In order to achieve that, only one package need to own the permissions of that
directory. currently we have various packages co-owning it, which means actual
permission would depend on installation order, and we'd get installation
conflicts. 

This can be prevented by de-duplicating directory ownership. this is a tracker
bug that tracks the work related to it.


You are receiving this mail because: