https://bugzilla.suse.com/show_bug.cgi?id=1184786
Bug ID: 1184786
Summary: Deduplicate directory ownership with filesystem package
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: screening-team-bugs@suse.de
Reporter: dmueller@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---
Hi,
checksec pointed out that various directories in our /usr are 0755 while they're 0555 on Fedora and Red Hat. For more hardened environments this might make a difference, as it prevents a user "root" that doesn't have DAC_OVERRIDE permission from writing/creating files there.
In order to achieve that, only one package needs to own the permissions of that directory. Currently we have various packages co-owning it, which means the actual permission would depend on installation order, and we'd get installation conflicts.
This can be prevented by de-duplicating directory ownership. This is a tracker bug that tracks the work related to it.
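The co-ownership problem described in the report above can be audited from the RPM database. The following is an added example, not part of the original report or of any SUSE tooling: it parses lines of the form `<package> <perms> <path>` (as produced by `rpm -qa --qf '[%{=NAME} %{FILEMODES:perms} %{FILENAMES}\n]'`), lists directories owned by more than one package, and flags those whose owners disagree on the mode. The sample listing and the `examplepkg-*` names are constructed.

```python
from collections import defaultdict

# Constructed sample listing (not from a real system); examplepkg-* are made up.
SAMPLE = """\
filesystem dr-xr-xr-x /usr/lib64
examplepkg-a drwxr-xr-x /usr/lib64
examplepkg-a -rwxr-xr-x /usr/lib64/liba.so.1
examplepkg-b drwxr-xr-x /usr/share/doc
filesystem drwxr-xr-x /usr/share/doc
examplepkg-c drwxr-xr-x /usr/share/examplepkg-c
"""


def co_owned_dirs(listing):
    """Return {path: {package: perms}} for directories with more than one owner."""
    owners = defaultdict(dict)
    for line in listing.splitlines():
        parts = line.split(None, 2)  # the path may itself contain spaces
        if len(parts) != 3 or not parts[1].startswith("d"):
            continue  # skip malformed lines and non-directories
        pkg, perms, path = parts
        owners[path][pkg] = perms
    return {p: o for p, o in owners.items() if len(o) > 1}


def mode_conflicts(listing):
    """Co-owned directories whose owning packages ship different modes.

    For these, the mode on disk depends on installation order.
    """
    return sorted(
        p for p, o in co_owned_dirs(listing).items() if len(set(o.values())) > 1
    )


def root_writable_without_dac_override(perms):
    """True if the owner write bit is set.

    Assumption: the directory is owned by uid 0, so with this bit set root
    can create files there through ordinary DAC, without CAP_DAC_OVERRIDE.
    """
    return perms[2] == "w"


if __name__ == "__main__":
    for path, owners in sorted(co_owned_dirs(SAMPLE).items()):
        print(path, owners)
    print("conflicting modes:", mode_conflicts(SAMPLE))
```
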
Chenzi Cao chcao@suse.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Assignee|screening-team-bugs@suse.de |ro@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c2
--- Comment #2 from OBSbugzilla Bot bwiedemann+obsbugzillabot@suse.com ---
This is an autogenerated message for OBS integration:
This bug (1184786) was mentioned in
https://build.opensuse.org/request/show/886085 Factory / scribus
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c3
--- Comment #3 from OBSbugzilla Bot bwiedemann+obsbugzillabot@suse.com ---
This is an autogenerated message for OBS integration:
This bug (1184786) was mentioned in
https://build.opensuse.org/request/show/886089 Factory / jag
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c4
--- Comment #4 from OBSbugzilla Bot bwiedemann+obsbugzillabot@suse.com ---
This is an autogenerated message for OBS integration:
This bug (1184786) was mentioned in
https://build.opensuse.org/request/show/886220 Factory / gobby
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c5
--- Comment #5 from OBSbugzilla Bot bwiedemann+obsbugzillabot@suse.com ---
This is an autogenerated message for OBS integration:
This bug (1184786) was mentioned in
https://build.opensuse.org/request/show/886241 Factory / qt6-base
Ancor Gonzalez Sosa ancor@suse.com changed:
What      |Removed                     |Added
----------------------------------------------------------------------------
Depends on|                            |1188994
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c27
--- Comment #27 from Swamp Workflow Management swamp@suse.de ---
openSUSE-RU-2022:0073-1: An update that has two recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1184786,1195206
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP3 (src): opi-2.4.4-bp153.2.3.1
Johannes Segitz jsegitz@suse.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
See Also|                            |https://bugzilla.suse.com/show_bug.cgi?id=1197169
Marcus Meissner meissner@suse.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |meissner@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1184786#c35
--- Comment #35 from Maintenance Automation maint-coord+maintenance-robot@suse.de ---
SUSE-FU-2023:0789-1: An update that contains one feature and has six feature fixes can now be installed.

Category: feature (important)
Bug References: 1087426, 1166619, 1184786, 1207358, 1207563, 1207989
Jira References: PED-3628
Sources used:
openSUSE Leap 15.4 (src): lapack-3.9.0-150000.4.13.2, lapack-man-3.9.0-150000.4.13.2
Basesystem Module 15-SP4 (src): lapack-3.9.0-150000.4.13.2
Development Tools Module 15-SP4 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise Real Time 15 SP3 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): lapack-3.9.0-150000.4.13.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): lapack-3.9.0-150000.4.13.2
SUSE Manager Proxy 4.2 (src): lapack-3.9.0-150000.4.13.2
SUSE Manager Retail Branch Server 4.2 (src): lapack-3.9.0-150000.4.13.2
SUSE Manager Server 4.2 (src): lapack-3.9.0-150000.4.13.2
SUSE Enterprise Storage 7.1 (src): lapack-3.9.0-150000.4.13.2
SUSE Enterprise Storage 7 (src): lapack-3.9.0-150000.4.13.2
SUSE CaaS Platform 4.0 (src): lapack-3.9.0-150000.4.13.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.