Bug ID | 1048025 |
---|---|
Summary | Requesting a security review for realmd for inclusion in openSUSE |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | plinnell@opensuse.org |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
realmd which is https://build.opensuse.org/package/show/network/realmd needs a review of the polkit privilege. >From rpmlint on current TW: realmd.i586: E: polkit-unauthorized-privilege (Badness: 100) org.freedesktop.realmd.discover-realm (yes:yes:yes) The package allows unprivileged users to carry out privileged operations without authentication. This could cause security problems if not done carefully. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the security team For the moment, I have put in an rpmlintrc file to drop the badness score to 100.