https://bugzilla.novell.com/show_bug.cgi?id=854840 https://bugzilla.novell.com/show_bug.cgi?id=854840#c0 Summary: AUDIT-0: k3b: Security Review requested due to suse-dbus-unauthorized-service, polkit-untracked-privilege and polkit-cant-acquire-privilege Classification: openSUSE Product: openSUSE Factory Version: 13.2 Milestone 0 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: hrvoje.senjan@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.11 Safari/537.36 SUSE/31.0.1650.11 Requesting whitelist of k3b package from KDE:Extra: (none): E: badness 20000 exceeds threshold 1000, aborting. k3b.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /usr/share/dbus-1/system-services/org.kde.k3b.service k3b.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /etc/dbus-1/system.d/org.kde.k3b.conf The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team. k3b.x86_64: I: polkit-untracked-privilege org.kde.k3b.addtogroup (??:no:auth_admin) k3b.x86_64: I: polkit-untracked-privilege org.kde.k3b.updatepermissions (??:no:auth_admin) The privilege is not listed in /etc/polkit-default-privs.* which makes it harder for admins to find. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the security team k3b.x86_64: I: polkit-cant-acquire-privilege org.kde.k3b.addtogroup (??:no:auth_admin) k3b.x86_64: I: polkit-cant-acquire-privilege org.kde.k3b.updatepermissions (??:no:auth_admin) Usability can be improved by allowing users to acquire privileges via authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define 'allow_any'. This is an issue only if the privilege is not listed in /etc /polkit-default-privs.* Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.