http://bugzilla.opensuse.org/show_bug.cgi?id=1208808 Bug ID: 1208808 Summary: hotspot: review dbus / polkit rules Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: christophe@krop.fr QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- The last hotspot release installs the following files in order to run the `perf` utility with elevated privileges: /usr/share/dbus-1/system.d/com.kdab.hotspot.perf.conf /usr/share/dbus-1/system-services/com.kdab.hotspot.perf.service /usr/share/polkit-1/actions/com.kdab.hotspot.perf.policy Sources URL: https://github.com/KDAB/hotspot/tree/1.4 and notably https://github.com/KDAB/hotspot/blob/master/src/hotspot-perf-authhelper.acti... which is processed by kauth. The package update is currently available in a branch: https://build.opensuse.org/package/show/home:krop:branches:devel:tools/hotsp... # cat com.kdab.hotspot.perf.conf <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <!-- Only user root can own the foo helper --> <policy user="root"> <allow own="com.kdab.hotspot.perf"/> </policy> </busconfig> --- # cat com.kdab.hotspot.perf.service [D-BUS Service] Name=com.kdab.hotspot.perf Exec=/usr/libexec/kauth/hotspot-auth-helper User=root --- # cat com.kdab.hotspot.perf.policy <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> <policyconfig> <action id="com.kdab.hotspot.perf.elevate" > <description>Elevate Privileges</description> <message>allows to run perf as root</message> <defaults> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> </action> </policyconfig> -- You are receiving this mail because: You are on the CC list for the bug.