[Bug 1033300] New: AUDIT-1: smb4k: new DBus service net.sourceforge.smb4k.mounthelper.mount
http://bugzilla.suse.com/show_bug.cgi?id=1033300

Bug ID: 1033300
Summary: AUDIT-1: smb4k: new DBus service net.sourceforge.smb4k.mounthelper.mount
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: matthias.gerstner@suse.com
QA Contact: qa-bugs@suse.de
CC: dmueller@suse.com
Found By: ---
Blocker: ---

It's come to the attention of the security team that the package KDE:Extra/smb4k slipped into openSUSE:Factory and openSUSE:Leap 42.{1,2} without going through a proper DBus/polkit review. It is against policy to override the rpmlint messages for DBus/polkit via rpmlintrc. This was already reviewed in bug 749065 but was renamed from de.berlios.smb4k.mounthelper.mount, it seems.

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1033300#c3
--- Comment #3 from Matthias Gerstner
FTR, there already was bug#915714 for this...
thanks for the hint. It seems this review got lost, still the package should not have entered openSUSE without an audit. We'll need to catch up on this.
http://bugzilla.suse.com/show_bug.cgi?id=1033300#c15
--- Comment #15 from Wolfgang Bauer
You can try to fix the devel project for smb4k. You can submit a variant with the mount helper completely disabled, which would be safe and quick.
I just did that: https://build.opensuse.org/request/show/495692
http://bugzilla.suse.com/show_bug.cgi?id=1033300#c16
--- Comment #16 from Bernhard Wiedemann
http://bugzilla.suse.com/show_bug.cgi?id=1033300#c17
--- Comment #17 from Bernhard Wiedemann