https://bugzilla.novell.com/show_bug.cgi?id=753908 https://bugzilla.novell.com/show_bug.cgi?id=753908#c0 Summary: Request for security team review: RecordItNow DBus services and polkit policy Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: i@marguerite.su QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.4 (KHTML, like Gecko) Chrome/19.0.1074.0 Safari/536.4 SUSE/19.0.1074.0 Hi, security team, I'm working on a "clean" version of RecordItNow( strip ffmpeg and mplayer off by default but provide rebuild possibility), which actually is the most powerful desktop recorder under KDE enviroment. And it told me these two warnings: recorditnow.x86_64: W: suse-dbus-unauthorized-service /etc/dbus-1/system.d/org.kde.recorditnow.helper.conf recorditnow.x86_64: W: suse-dbus-unauthorized-service /usr/share/dbus-1/system-services/org.kde.recorditnow.helper.service The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team. and recorditnow.x86_64: I: polkit-untracked-privilege org.kde.recorditnow.helper.watch (auth_admin_keep_always:auth_admin_keep_always:auth_admin) The privilege is not listed in /etc/polkit-default-privs.* which makes it harder for admins to find. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the security team I think I should let you know. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.