Bug ID | 1140151 |
---|---|
Summary | AUDIT-0: libvirt: new polkit permissions for networkport |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | jfehlig@suse.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
libvirt 5.5.0 got some new polkit permissions for the networkport object via commit e69444e1793, which cause the following lint failures [ 732s] libvirt-daemon.x86_64: E: polkit-unauthorized-privilege (Badness: 10000) org.libvirt.api.network-port.getattr (yes:yes:yes) [ 732s] libvirt-daemon.x86_64: E: polkit-unauthorized-privilege (Badness: 10000) org.libvirt.api.network-port.read (yes:yes:yes) [ 732s] The package allows unprivileged users to carry out privileged operations [ 732s] without authentication. This could cause security problems if not done [ 732s] carefully. If the package is intended for inclusion in any SUSE product please [ 732s] open a bug report to request review of the package by the security team. [ 732s] Please refer to [ 732s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 732s] more information. [ 732s] [ 732s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.libvirt.api.network-port.create (no:no:no) [ 732s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.libvirt.api.network-port.delete (no:no:no) [ 732s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.libvirt.api.network-port.write (no:no:no) [ 732s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.libvirt.api.network.search-ports (no:no:no) [ 732s] The privilege is not listed in /etc/polkit-default-privs.* which makes it [ 732s] harder for admins to find. Furthermore polkit authorization checks can easily [ 732s] introduce security issues. If the package is intended for inclusion in any [ 732s] SUSE product please open a bug report to request review of the package by the [ 732s] security team. Please refer to [ 732s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 732s] more information.