Bug ID 1234134
Summary AUDIT-0: timekpr-next: review of new D-Bus service com.timekpr.server, new polkit action com.ubuntu.timekpr.pkexec
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter svalx78@gmail.com
QA Contact security-team@suse.de
Target Milestone ---
Found By ---
Blocker --- 

For package found in OBS in X11:Utilities:timekpr-next I would like a
whitelisting for the following rpmlint errors:

timekpr-next.noarch: E: polkit-untracked-privilege (Badness: 10)
com.ubuntu.timekpr.pkexec (auth_admin:auth_admin:auth_admin)
The polkit action is not listed in the polkit-default-privs profiles which
makes it harder for admins to find. Furthermore improper polkit authorization
checks can easily introduce security issues.

timekpr-next.noarch: E: dbus-file-unauthorized (Badness: 10)
/usr/share/dbus-1/system.d/timekpr.conf (sha256 file digest default
filter:499245aea51f15a98d88a81e0352b9f3c7a1acad3abc53b5ca1ec5dd10e8441a shell
filter:670fbbd637a7db138caded139420cb5bc41f24b4a3a1106cde4fb2f489f71ffb xml
filter:37117f57a599e1d0b8f565e493b6dc1c152683ea6d9fa8183e7f592143713934)
Packaging D-Bus services requires a review and whitelisting by the SUSE
security team.

Package can be found at
https://build.opensuse.org/package/show/X11:Utilities/timekpr-next
Sources at https://launchpad.net/timekpr-next
I am plan to submit this package to Factory.

You are receiving this mail because: