Bug ID | 1150336 |
---|---|
Summary | AUDIT-1: roccat-tools: review of setgid directory /var/lib/roccat |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | matthias.gerstner@suse.com |
QA Contact | qa-bugs@suse.de |
CC | jsegitz@suse.com, malte.kraus@suse.com, matthias.gerstner@suse.com, mrueckert@suse.com |
Found By | --- |
Blocker | --- |
+++ This bug was initially created as a clone of Bug #1150189 Like discussed in the proactive security team we want to catch up with packages installing set*id items that haven't been whitelisted yet in the permissions package. Formerly this rpmlint check type didn't cause badness and therefore didn't require packagers to actually have them reviewed. roccat-tools is one of the packages installing a setgid directory that isn't currently whitelisted: /var/lib/roccat drwxrws--- from roccat-tools-5.7.0-1.7.i586.rpm The secure use of this directory needs to be reviewed and if all is good a whitelisting entry in all our permission profiles must be added.