What | Removed | Added |
---|---|---|
CC | matthias.gerstner@suse.com | |
Summary | Blueman 2.0.8 adds new blueman.rules to /usr/share/polkit-1/rules.d/blueman.rules | AUDIT-0: blueman: Blueman 2.0.8 adds new blueman.rules to /usr/share/polkit-1/rules.d/blueman.rules |
Thank you for bringing this to our attention. In the SUSE security team we have decided a while ago that we don't want to follow the special meaning of the "wheel" group as being treated equivalent to root in our distribution. We currently have a couple of rules like this in /usr/share/polkit-1/rules.d but most of them aren't affective anyways, because our polkit-default-privs in /etc/polkit-1/rules.d take precedence, except when the file starts with a number like "00-blueman.rules". We are planning to require a whitelisting for files in /usr/share/polkit-1/rules.d in the future and to move files out of this directory that don't match our policies. Therefore in your case I suggest you install this rules file as an example file e.g. under /usr/share/doc/packages/blueman. This way uses can activate this rule manually if they really want to, but the default security remains untouched.