https://bugzilla.suse.com/show_bug.cgi?id=1195023 https://bugzilla.suse.com/show_bug.cgi?id=1195023#c1 --- Comment #1 from Matthias Gerstner <matthias.gerstner@suse.com> --- Thanks for creating the audit bug. We will schedule the review and report back when it's done. -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1195023 Johannes Segitz <jsegitz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsegitz@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1195023 https://bugzilla.suse.com/show_bug.cgi?id=1195023#c2 --- Comment #2 from Filippo Bonazzi <filippo.bonazzi@suse.com> --- # Introduction `budgie-control-center` is an application for the Budgie DE, which uses the GTK framework. It provides an unified way to handle system settings. The application performs three privileged operations, namely date/time configuration, remote login configuration (SSH enabling and disabling), and user account administration. While this application is new in OBS, it is a fork of `gnome-control-center` from the Gnome DE, which has been in OBS for a long time. # Date/time configuration This is mostly done in `panels/datetime/cc-datetime-panel.c`. The panel is locked if the user does not have Polkit permissions `DATETIME_PERMISSION` and `DATETIME_TZ_PERMISSION`, corresponding to `org.buddiesofbudgie.controlcenter.datetime.configure`. This Polkit action is detailed in `panels/datetime/org.buddiesofbudgie.controlcenter.datetime.policy.in`, that is packaged in the RPM as `/usr/share/polkit-1/actions/org.buddiesofbudgie.controlcenter.datetime.policy`. The action is authorized only for active local sessions, and requires authentication by an administrative user. Once the panel has been unlocked by an administrative user, the application allows setting date, time and timezone settings. I could not find any issues with the privileged operations performed by this panel. This panel does not have meaningful differences from the corresponding panel in `gnome-control-center`. # Remote login configuration ("Sharing") This is done in `panels/sharing/cc-sharing-panel.c` and `panels/sharing/cc-remote-login.c`. The panel is started in the `disabled` state, but the actual privileged operation is toggling the "Remote Login" button. This button invokes a helper application (`cc-remote-login-helper.c`, packaged as `/usr/libexec/budgie-cc-remote-login-helper`), which activates or deactivates the `sshd` service. This application is authorized via Polkit with the action `org.buddiesofbudgie.controlcenter.remote-login-helper`, that is packaged in the RPM as `/usr/share/polkit-1/actions/org.buddiesofbudgie.controlcenter.remote-login-helper.policy`. The action is authorized only for active local sessions, and requires authentication by an administrative user. Once the action has been authorized by an administrative user, the helper application is launched with elevated privileges and enables/disables the `sshd` service by interacting with systemd over DBus. To enable remote login, the application invokes the `StartUnit` and `EnableUnitFiles` systemd commands for the `sshd` service. To disable it, the application conversely invokes the `StopUnit` and `DisableUnitFiles` systemd commands for the `sshd` service. The helper application is very simple, taking one command line parameter ("enable"/"disable") and containing only the `enable_ssh_service()` and `disable_ssh_service()` functions. I could not find any issues in this helper application either. This panel does not have meaningful differences from the corresponding panel in `gnome-control-center`. # User administration This is mostly done in `panels/user-accounts/cc-user-panel.c`. Most of the panel is locked if the user does not have Polkit permission `USER_ACCOUNTS_PERMISSION`, corresponding to `org.buddiesofbudgie.controlcenter.user-accounts.administration`. This Polkit action is detailed in `panels/user-accounts/org.buddiesofbudgie.controlcenter.user-accounts.policy.in`, that is packaged in the RPM as `/usr/share/polkit-1/actions/org.buddiesofbudgie.controlcenter.user-accounts.policy`. The action is authorized only for active local sessions, and requires authentication by an administrative user. The panel allows the current user to change their display name and password without requiring authorization by an administrative user. Once the panel has been unlocked by an administrative user, the application allows performing more user account administration actions, such as enabling/disabling passwordless login for the current user, adding, configuring and removing other user accounts. I could not find any issues with the privileged operations performed by this panel. This panel does not have meaningful differences from the corresponding panel in `gnome-control-center`. # Summary None of the panels performing privileged operations seem to have any obvious issues. The application itself is very large, and use of the GTK framework makes code analysis quite difficult. None of the panels performing privileged operations has any meaningful differences from the corresponding panel in `gnome-control-center`. -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1195023 https://bugzilla.suse.com/show_bug.cgi?id=1195023#c5 Filippo Bonazzi <filippo.bonazzi@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #5 from Filippo Bonazzi <filippo.bonazzi@suse.com> --- Whitelisting added for Factory and SLE15SP4 -- You are receiving this mail because: You are on the CC list for the bug.