[Bug 1184787] New: Deduplicate directory ownership with filesystem package
https://bugzilla.suse.com/show_bug.cgi?id=1184787 Bug ID: 1184787 Summary: Deduplicate directory ownership with filesystem package Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: dmueller@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Hi, checksec pointed out that various directories in our /usr are 0755 while they're 0555 on Fedora and Red Hat. For more hardened environments this might make a difference, as it prevents a user "root" that doesn't have DAC_OVERRIDE permission to no longer write/create files there. In order to achieve that, only one package need to own the permissions of that directory. currently we have various packages co-owning it, which means actual permission would depend on installation order, and we'd get installation conflicts. This can be prevented by de-duplicating directory ownership. this is a tracker bug that tracks the work related to it. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1184787 https://bugzilla.suse.com/show_bug.cgi?id=1184787#c11 --- Comment #11 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2022:10020-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1184787,1185705 CVE References: CVE-2021-32055,CVE-2022-1328 JIRA References: Sources used: openSUSE Backports SLE-15-SP4 (src): neomutt-20220429-bp154.2.3.1 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com