Bug ID 1222159
Summary gnome-remote-desktop 46.0 needs audit for dbus service and polkit privileges
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter dimstar@opensuse.org
QA Contact qa-bugs@suse.de
Target Milestone ---
Found By ---
Blocker ---

As part of GNOME 46.0, gnome-remote-desktop was also updated - but not
submitted, as we lack freerdp3 in Factory so far.

freerdp is currently in the queue, which allowed me to do a local build against
the adi project and get the relevant errors from the build:

[   14s] gnome-remote-desktop.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.gnome.remotedesktop.configure-system-daemon (auth_admin:auth_admin:auth_admin_keep)
[   14s] The polkit action is not listed in the polkit-default-privs profiles which
[   14s] makes it harder for admins to find. Furthermore improper polkit authorization
[   14s] checks can easily introduce security issues. If the package is intended for
[   14s] inclusion in any SUSE product please open a bug report to request review of
[   14s] the package by the security team. Please refer to
[   14s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
[   14s] more information.


[   14s] gnome-remote-desktop.x86_64: E: dbus-file-unauthorized (Badness: 10000) /usr/share/dbus-1/system.d/org.gnome.RemoteDesktop.conf (sha256 file digest default filter:1f030b4ab73fe66d7fb57bd4085535b51dd63bdcd557338bc00b0b758f17e8b8 shell filter:6dcb7d0c4e6650477212e08f5c223aa19695204af8adf5a13e772a0199bf7667 xml filter:313b3194f2acb97640267d67722a2a62327acf3c9723f5163e0d028745311fdb)
[   14s] gnome-remote-desktop.x86_64: E: dbus-file-unauthorized (Badness: 10000) /usr/share/dbus-1/system-services/org.gnome.RemoteDesktop.service (sha256 file digest default filter:478f680764e64a714223fa83d326add2720e8ff02a3fc159687c0132992d4f6f shell filter:1053fce12e03e219ff4518c8498b3ce1983597961afcefa93be25005414a50d8 xml filter:<failed-to-calculate>)
[   14s] Packaging D-Bus services requires a review and whitelisting by the SUSE
[   14s] security team. If the package is intended for inclusion in any SUSE product
[   14s] please open a bug report to request review of the package by the security
[   14s] team. Please refer to
[   14s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
[   14s] more information.


The source package can be found in GNOME:Factory/gnome-remote-desktop

