[Bug 1228058] New: AUDIT-0: emacs-games: allow shared score files and setgid with group "games" helper program
https://bugzilla.suse.com/show_bug.cgi?id=1228058 Bug ID: 1228058 Summary: AUDIT-0: emacs-games: allow shared score files and setgid with group "games" helper program Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: werner@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Please allow emacs to use a setgid (group "games") helper executable /usr/libexec/emacs/%{version}/%{_target_cpu}-suse-linux/update-game-score to modify score files below ll -d /var/games/emacs/ drwxrwxr-x 2 games games 47 Feb 5 05:07 /var/games/emacs/ Current emacs in project editors now has a new package emacs-games which shows -rwxr-sr-x 1 games games 18552 Jul 17 14:29 /usr/libexec/emacs/29.4/x86_64-suse-linux/update-game-score drwxr-xr-x 2 root root 0 Jul 17 14:29 /usr/share/permissions/permissions.d -rw-r--r-- 1 root root 77 Jul 17 14:29 /usr/share/permissions/permissions.d/emacs-games -rw-r--r-- 1 root root 77 Jul 17 14:29 /usr/share/permissions/permissions.d/emacs-games.paranoid drwxrwxr-x 2 games games 0 Jul 17 14:29 /var/games/emacs -rw-rw---- 1 games games 0 Jul 17 14:29 /var/games/emacs/snake-scores -rw-rw---- 1 games games 0 Jul 17 14:29 /var/games/emacs/tetris-scores -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1228058 https://bugzilla.suse.com/show_bug.cgi?id=1228058#c2 --- Comment #2 from Dr. Werner Fink <werner@suse.com> --- (In reply to Matthias Gerstner from comment #1)
I wouldn't have thought that stuff like this really still exists these days. It will need a thorough review, but even then I wonder if we want to give away privileges for a feature that will hardly be used anywhere anymore.
You mean nobody is playing games with emacs? ... There are a lot of games in emacs as well as a psychotherapist and AFAIK those are still played ... nevertheless I've splitted of emacs-games as its own packages for those who be a cold fish. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1228058 https://bugzilla.suse.com/show_bug.cgi?id=1228058#c7 Dr. Werner Fink <werner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(matthias.gerstner | |@suse.com) --- Comment #7 from Dr. Werner Fink <werner@suse.com> --- OK ... this should work: werner/emacs> rpm -qlvp /abuild/oscbuild/openSUSE_Tumbleweed/home/abuild/rpmbuild/RPMS/x86_64/emacs-games-29.4-0.x86_64.rpm -rwxr-xr-x 1 root root 18552 Jul 23 11:06 /usr/libexec/emacs/29.4/x86_64-suse-linux/update-game-score drwxr-x--- 2 root games 0 Jul 23 11:06 /var/games/emacs -rw-rw---- 1 root games 0 Jul 23 11:06 /var/games/emacs/snake-scores -rw-rw---- 1 root games 0 Jul 23 11:06 /var/games/emacs/tetris-scores rpm -qip /abuild/oscbuild/openSUSE_Tumbleweed/home/abuild/rpmbuild/RPMS/x86_64/emacs-games-29.4-0.x86_64.rpm | sed -rn '/^Description/,$p' Description : This package provides capability to play games for members of the user group called "games". Distribution: editors / openSUSE_Tumbleweed -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1228058 https://bugzilla.suse.com/show_bug.cgi?id=1228058#c8 --- Comment #8 from Dr. Werner Fink <werner@suse.com> --- Means it is up on the system admin to add trustworthy users to the group games -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1228058 https://bugzilla.suse.com/show_bug.cgi?id=1228058#c11 --- Comment #11 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> --- This is an autogenerated message for OBS integration: This bug (1228058) was mentioned in https://build.opensuse.org/request/show/1189610 Factory / emacs -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1228058 https://bugzilla.suse.com/show_bug.cgi?id=1228058#c12 --- Comment #12 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> --- This is an autogenerated message for OBS integration: This bug (1228058) was mentioned in https://build.opensuse.org/request/show/1194712 Factory / emacs -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com