[Bug 1183669] New: AUDIT-0: pleaser: security audit for permissions-file-setuid-bit
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669 Bug ID: 1183669 Summary: AUDIT-0: pleaser: security audit for permissions-file-setuid-bit Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: ed-suse.com@s5h.net QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Hello, Would you mind performing a security review for me? please is a memory safe sudo alternative that focuses on assigning rules with familiar regex syntax. The pacakge is at https://build.opensuse.org/package/show/home:eneville/pleaser. Upstream source is at https://gitlab.com/edneville/please The message from the build service is: [ 174s] please.x86_64: E: permissions-file-setuid-bit (Badness: 10) /usr/bin/please is packaged with setuid/setgid bits (04755) [ 174s] please.x86_64: E: permissions-file-setuid-bit (Badness: 10) /usr/bin/pleaseedit is packaged with setuid/setgid bits (04755) [ 174s] If the package is intended for inclusion in any SUSE product please open a [ 174s] bug report to request review of the package by the security team. Please [ 174s] refer to [ 174s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 174s] more information. Thank you very much in advance. Ed Neville -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669#c2
--- Comment #2 from ed neville
Interesting project. Do you plan to include this into openSUSE? Because only then the review is mandatory.
Hello Johannes, yes please, I would like to get this included. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669#c17
--- Comment #17 from OBSbugzilla Bot
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669#c18
--- Comment #18 from OBSbugzilla Bot
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669
Matthew Davis
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669
Matthew Davis
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669#c20
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669#c21
--- Comment #21 from Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669#c22
--- Comment #22 from Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669
http://bugzilla.opensuse.org/show_bug.cgi?id=1183669#c23
Andreas Stieger
participants (1)
-
bugzilla_noreply@suse.com