Bug ID | 1150366 |
---|---|
Summary | AUDIT-1: ceph-common: review of setgid directory /var/log/ceph |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | matthias.gerstner@suse.com |
QA Contact | qa-bugs@suse.de |
CC | jsegitz@suse.com, malte.kraus@suse.com, matthias.gerstner@suse.com, ncutler@suse.com |
Blocks | 1150189 |
Found By | --- |
Blocker | --- |
+++ This bug was initially created as a clone of Bug #1150189 Like discussed in the proactive security team we want to catch up with packages installing set*id items that haven't been whitelisted yet in the permissions package. Formerly this rpmlint check type didn't cause badness and therefore didn't require packagers to actually have them reviewed. ceph-common is one of the packages installing a setgid directory that isn't currently whitelisted: /var/log/ceph drwxrws--T from ceph-common-14.2.2.354+g8878cf2360-1.1.x86_64.rpm The secure use of this directory needs to be reviewed and if all is good a whitelisting entry in all our permission profiles must be added.