http://bugzilla.suse.com/show_bug.cgi?id=1095783 Bug ID: 1095783 Summary: New package mailutils required for new GNU Emacs includes two suid/sgid programs Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: openSUSE Factory Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: werner@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- For New GNU Eamcs 26.1 I need a new package called mailutils as upstream Emacs had removed a lot of builtin functionalities and replaced it with those of mailutils. The package mailutils has some helper programs dotlock -- lock mail spool files frm -- display From: lines from -- display from and subject maidag -- the mail delivery agent mail -- process mail messages messages -- count the number of messages in a mailbox mimeview -- display files, using mailcap mechanism movemail -- move messages across mailboxes readmsg -- print messages sieve -- a mail filtering tool where dotlock is root:root 02755 and maidag root:root 04755 Beside this mailutils has an other MH tool collection and an imap4d as well as a pop3d daemon. For dotlock and maidag I see without permissions file [ 109s] mailutils.x86_64: E: permissions-file-setuid-bit (Badness: 10000) /usr/bin/dotlock is packaged with setuid/setgid bits (02755) [ 109s] mailutils-server.x86_64: E: permissions-file-setuid-bit (Badness: 10000) /usr/sbin/maidag is packaged with setuid/setgid bits (04755) [ 109s] If the package is intended for inclusion in any SUSE product please open a bug [ 109s] report to request review of the program by the security team and with permission files [ 116s] mailutils.x86_64: E: permissions-unauthorized-file (Badness: 10000) /etc/permissions.d/mailutils [ 116s] mailutils.x86_64: E: permissions-unauthorized-file (Badness: 10000) /etc/permissions.d/mailutils.paranoid hence this bug report -- You are receiving this mail because: You are on the CC list for the bug.