https://bugzilla.suse.com/show_bug.cgi?id=1206756 https://bugzilla.suse.com/show_bug.cgi?id=1206756#c1 --- Comment #1 from Callum Farmer <gmbr3@opensuse.org> --- https://build.opensuse.org/request/show/1045903 -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1206756 Wolfgang Frisch <wolfgang.frisch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED CC| |matthias.gerstner@suse.com, | |wolfgang.frisch@suse.com Assignee|security-team@suse.de |wolfgang.frisch@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1206756 https://bugzilla.suse.com/show_bug.cgi?id=1206756#c4 --- Comment #4 from Wolfgang Frisch <wolfgang.frisch@suse.com> --- This package integrates the `iodine` IPv4-over-DNS client with NetworkManager. It is comprised of two parts, a GTK UI and a D-Bus service. Both are only accessible with root credentials. The D-Bus service `nm-iodine-service` runs under a separate system user account (`nm-iodine`) without any special privileges, no shell and no home directory. The service itself is written in glib-style C, of decent quality, in less than 1 kLOC. It interacts with the iodine binary, executing it asynchronously and parsing its output. Subprocess execution is performed with a proper argv-array. Its output is parsed with low level string manipulation with sufficient checks and range-checked glib functions. All good, as far as I can see. The underlying `iodine` package might be a different matter but that's outside the scope of this review. I will proceed with the whitelisting. -- You are receiving this mail because: You are on the CC list for the bug.