[Bug 1234134] New: AUDIT-0: timekpr-next: review of new D-Bus service com.timekpr.server, new polkit action com.ubuntu.timekpr.pkexec
https://bugzilla.suse.com/show_bug.cgi?id=1234134

Bug ID: 1234134
Summary: AUDIT-0: timekpr-next: review of new D-Bus service com.timekpr.server, new polkit action com.ubuntu.timekpr.pkexec
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: svalx78@gmail.com
QA Contact: security-team@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

For the package found in OBS in X11:Utilities:timekpr-next, I would like a whitelisting for the following rpmlint errors:

timekpr-next.noarch: E: polkit-untracked-privilege (Badness: 10) com.ubuntu.timekpr.pkexec (auth_admin:auth_admin:auth_admin)
The polkit action is not listed in the polkit-default-privs profiles which makes it harder for admins to find. Furthermore improper polkit authorization checks can easily introduce security issues.

timekpr-next.noarch: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system.d/timekpr.conf (sha256 file digest default filter:499245aea51f15a98d88a81e0352b9f3c7a1acad3abc53b5ca1ec5dd10e8441a shell filter:670fbbd637a7db138caded139420cb5bc41f24b4a3a1106cde4fb2f489f71ffb xml filter:37117f57a599e1d0b8f565e493b6dc1c152683ea6d9fa8183e7f592143713934)
Packaging D-Bus services requires a review and whitelisting by the SUSE security team.

Package can be found at https://build.opensuse.org/package/show/X11:Utilities/timekpr-next
Sources at https://launchpad.net/timekpr-next

I plan to submit this package to Factory.

--
You are receiving this mail because:
You are on the CC list for the bug.