[Bug 1184786] New: Deduplicate directory ownership with filesystem package
https://bugzilla.suse.com/show_bug.cgi?id=1184786 Bug ID: 1184786 Summary: Deduplicate directory ownership with filesystem package Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: dmueller@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Hi, checksec pointed out that various directories in our /usr are 0755 while they're 0555 on Fedora and Red Hat. For more hardened environments this might make a difference, as it prevents a user "root" that doesn't have DAC_OVERRIDE permission to no longer write/create files there. In order to achieve that, only one package need to own the permissions of that directory. currently we have various packages co-owning it, which means actual permission would depend on installation order, and we'd get installation conflicts. This can be prevented by de-duplicating directory ownership. this is a tracker bug that tracks the work related to it. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1184786
Chenzi Cao
https://bugzilla.suse.com/show_bug.cgi?id=1184786
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c2
--- Comment #2 from OBSbugzilla Bot
https://bugzilla.suse.com/show_bug.cgi?id=1184786
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c3
--- Comment #3 from OBSbugzilla Bot
https://bugzilla.suse.com/show_bug.cgi?id=1184786
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c4
--- Comment #4 from OBSbugzilla Bot
https://bugzilla.suse.com/show_bug.cgi?id=1184786
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c5
--- Comment #5 from OBSbugzilla Bot
https://bugzilla.suse.com/show_bug.cgi?id=1184786
Ancor Gonzalez Sosa
https://bugzilla.suse.com/show_bug.cgi?id=1184786
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c27
--- Comment #27 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1184786
Johannes Segitz
https://bugzilla.suse.com/show_bug.cgi?id=1184786
Marcus Meissner
https://bugzilla.suse.com/show_bug.cgi?id=1184786
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c35
--- Comment #35 from Maintenance Automation
participants (1)
-
bugzilla_noreply@suse.com