https://bugzilla.novell.com/show_bug.cgi?id=216485

suse-beta@cboltz.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aj@novell.com
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |
            Version|Beta 1                      |Beta 2

------- Comment #8 from suse-beta@cboltz.de 2006-11-14 10:50 MST -------
(In reply to comment #7)
> in secure mode the setuid root bit should be off.
> in "secure" mode we do not trust the user with system administrative duties, so an admin should use su or similar to do administrative stuff.

Hmm, what about zen-updater? It even grants _permanent_ permissions once you entered the root password ;-)

Seriously: Now that some test updates are available, I could test opensuse-updater a bit more.

The only thing a user can do without knowing the root password is "check for updates". I don't know why this is considered security relevant. (He could also call rpm -q to check for outdated/vulnerable packages.)
(Before actually installing any patch, the root password is requested.)

Anyway: If you don't set the suid bit for zypp-checkpatches-wrapper in permissions.secure, at least implement a better error message that is more helpful for the user (it should at least contain a hint _which_ program needs to be chmod'ed suid-root).