[Bug 1155691] New: AUDIT-0: home:giovanism:slack: setuid binary whitelisting request
http://bugzilla.opensuse.org/show_bug.cgi?id=1155691

            Bug ID: 1155691
           Summary: AUDIT-0: home:giovanism:slack: setuid binary whitelisting request
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
               URL: https://build.opensuse.org/package/live_build_log/home:giovanism/slack/openSUSE_Tumbleweed/x86_64
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: giovanmail@gmail.com
        QA Contact: security-team@suse.de
          Found By: ---
           Blocker: ---

For my package found in OBS in <project>:<package> I would like a whitelisting for the following rpmlint error:

    slack.x86_64: E: permissions-file-setuid-bit (Badness: 10000) /usr/lib64/slack/chrome-sandbox is packaged with setuid/setgid bits (04755)
    If the package is intended for inclusion in any SUSE product please open a bug report to request review of the program by the security team. Please refer to https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for more information.

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1155691#c5
--- Comment #5 from Giovan Isa Musthofa
Thank you for opening the bug!
(In reply to giovanmail@gmail.com from comment #2)
(In reply to Johannes Segitz from comment #1)
Do you intend to submit this to openSUSE? rpmlint will (soonish) ignore such issues in home directories, so if this is for your own use, nothing needs to be done here and it should solve itself.
When do I expect this change to take effect?
There is no fixed date we can give you yet but it's probably a few weeks. Us actually reviewing the code would also take a while, however. Do you have plans to forward this package to openSUSE:Factory?
The chrome-sandbox you package here is actually already packaged in the chromium package. What is the background of that? Could you probably use just the chrome-sandbox from the chromium package? Then no review would be necessary at all. Having the same setuid binary twice in the distribution would be rather unfortunate anyways.
It would be nice if it can get to openSUSE:Factory. What does it take to forward this to openSUSE:Factory? I just checked the package files and yes, there is a chrome-sandbox. Actually, I just forked this package from https://build.opensuse.org/package/show/home:nuklly/slack and downloaded the latest package from the official Slack website. They only provide this rpm, so that's all I have. I'm all for less work and a faster release schedule for the packages. But I haven't found guides or examples for editing and building a package from an existing one.