https://bugzilla.novell.com/show_bug.cgi?id=825262 https://bugzilla.novell.com/show_bug.cgi?id=825262#c0 Summary: Security Review requested due to suse-dbus-unauthorized-service, polkit-untracked-privilege and polkit-cant-acquire-privilege Classification: openSUSE Product: openSUSE Factory Version: 13.1 Milestone 1 Platform: All OS/Version: SUSE Other Status: NEW Severity: Critical Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: tittiatcoke@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 The nepomuk libraries have been greatly enhanced with KDE 4.11 and contains now several utilities which can scan and index files. However as the new utilities are directly accessing the files, some additional requirements are required. Executing rpmlint on the package now indicates: [ 293s] nepomuk-core.x86_64: W: suse-dbus-unauthorized-service /usr/share/dbus-1/system-services/org.kde.nepomuk.filewatch.service [ 293s] nepomuk-core.x86_64: W: suse-dbus-unauthorized-service /etc/dbus-1/system.d/org.kde.nepomuk.filewatch.conf [ 293s] The package installs a DBUS system service file. If the package is intended [ 293s] for inclusion in any SUSE product please open a bug report to request review [ 293s] of the service by the security team. [ 293s] [ 293s] nepomuk-core.x86_64: I: polkit-untracked-privilege org.kde.nepomuk.filewatch.raiselimit (??:no:auth_admin_keep) [ 293s] The privilege is not listed in /etc/polkit-default-privs.* which makes it [ 293s] harder for admins to find. If the package is intended for inclusion in any [ 293s] SUSE product please open a bug report to request review of the package by the [ 293s] security team [ 293s] [ 293s] nepomuk-core.x86_64: I: polkit-cant-acquire-privilege org.kde.nepomuk.filewatch.raiselimit (??:no:auth_admin_keep) [ 293s] Usability can be improved by allowing users to acquire privileges via [ 293s] authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define [ 293s] 'allow_any'. This is an issue only if the privilege is not listed in /etc [ 293s] /polkit-default-privs.* Also here an rpmlintrc file is current in effect to enable the build of the depend packages. We would like to submit this to Factory as soon as possible Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.