https://bugzilla.novell.com/show_bug.cgi?id=798885

https://bugzilla.novell.com/show_bug.cgi?id=798885#c0

Summary: The latest update for PackageKit installs polkit files in order to enable offline updates (executed by systemd)
Classification: openSUSE
Product: openSUSE Factory
Version: 12.3 Beta 1
Platform: Other
OS/Version: SUSE Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: tittiatcoke@gmail.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.26 (KHTML, like Gecko) Chrome/26.0.1383.0 Safari/537.26 SUSE/26.0.1383.0

The latest update of PackageKit (zypp backend was fixed by Stephan Kulow) incorporated offline updates (executed during startup/shutdown by systemd). However this caused installation of a couple of polkit files for which rpmlint is now complaining.

Currently I have resolved it by using a rpmlintrc file, but the target is to push this PackageKit update into 12.3 (Therefore I put the urgency at critical)

The output of the rpmlint is:

[ 644s] PackageKit.x86_64: W: polkit-unauthorized-privilege org.freedesktop.packagekit.trigger-offline-update (no:no:yes)
[ 644s] PackageKit.x86_64: W: polkit-unauthorized-privilege org.freedesktop.packagekit.clear-offline-update (no:no:yes)
[ 644s] The package allows unprivileged users to carry out privileged operations
[ 644s] without authentication. This could cause security problems if not done
[ 644s] carefully. If the package is intended for inclusion in any SUSE product please
[ 644s] open a bug report to request review of the package by the security team
[ 644s]
[ 644s] PackageKit.x86_64: I: polkit-cant-acquire-privilege org.freedesktop.packagekit.trigger-offline-update (no:no:yes)
[ 644s] PackageKit.x86_64: I: polkit-cant-acquire-privilege org.freedesktop.packagekit.clear-offline-update (no:no:yes)
[ 644s] Usability can be improved by allowing users to acquire privileges via
[ 644s] authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define
[ 644s] 'allow_any'. This is an issue only if the privilege is not listed in /etc
[ 644s] /polkit-default-privs.*

The package itself will be coming from GNOME:Factory.

Reproducible: Always
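
Added example, not part of the original report and not rpmlint's own code: a small audit that reads polkit <defaults> from a policy file and reports the allow_any:allow_inactive:allow_active triple in the same form as the rpmlint output above. The sample XML is constructed, the `reviewed` parameter is a hypothetical stand-in for the ids listed in /etc/polkit-default-privs.*, and only a literal "yes" is treated as unauthenticated access.

```python
import xml.etree.ElementTree as ET

# Constructed sample: action ids are from the rpmlint output above; the XML
# around them is written for this example, not copied from PackageKit.
_DEFAULTS = ("<defaults><allow_any>no</allow_any><allow_inactive>no</allow_inactive>"
             "<allow_active>yes</allow_active></defaults>")
SAMPLE_POLICY = f"""<policyconfig>
  <action id="org.freedesktop.packagekit.trigger-offline-update">{_DEFAULTS}</action>
  <action id="org.freedesktop.packagekit.clear-offline-update">{_DEFAULTS}</action>
</policyconfig>"""

SCOPES = ("allow_any", "allow_inactive", "allow_active")  # order of the printed triple


def audit_policy(xml_text, reviewed=frozenset()):
    """Return [(action_id, "any:inactive:active", [findings])] for unreviewed actions.

    `reviewed` stands in for the ids listed in /etc/polkit-default-privs.*.
    """
    results = []
    for action in ET.fromstring(xml_text).iter("action"):
        action_id = action.get("id")
        if action_id in reviewed:
            continue
        defaults = action.find("defaults")
        values = []
        for scope in SCOPES:
            text = defaults.findtext(scope) if defaults is not None else None
            # Assumption of this example: a missing element counts as "no".
            values.append((text or "no").strip())
        findings = []
        if "yes" in values:   # granted without any authentication
            findings.append("polkit-unauthorized-privilege")
        if "no" in values:    # cannot be acquired even by authenticating
            findings.append("polkit-cant-acquire-privilege")
        results.append((action_id, ":".join(values), findings))
    return results


if __name__ == "__main__":
    for action_id, triple, findings in audit_policy(SAMPLE_POLICY):
        for finding in findings:
            print(f"{finding} {action_id} ({triple})")
```

Passing an action id in `reviewed` suppresses both findings for it, which mirrors the note in the output that the issue applies only to privileges not listed in /etc/polkit-default-privs.*.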