[Bug 1200666] New: AUDIT-0 please: security audit for permissions-file-setuid-bit
http://bugzilla.opensuse.org/show_bug.cgi?id=1200666 Bug ID: 1200666 Summary: AUDIT-0 please: security audit for permissions-file-setuid-bit Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: novell@virtual.drop.net QA Contact: qa-bugs@suse.de CC: ed-suse.com@s5h.net, jsegitz@suse.com, matthias.gerstner@suse.com, security-team@suse.de Depends on: 1200665, 1183669 Found By: --- Blocker: --- Hello, Would you mind performing a security review for me? please is a memory safe sudo alternative that focuses on assigning rules with familiar regex syntax. The pacakge is at https://build.opensuse.org/package/show/home:eneville/pleaser. Upstream source is at https://gitlab.com/edneville/please The message from the build service is: [ 174s] please.x86_64: E: permissions-file-setuid-bit (Badness: 10) /usr/bin/please is packaged with setuid/setgid bits (04755) [ 174s] please.x86_64: E: permissions-file-setuid-bit (Badness: 10) /usr/bin/pleaseedit is packaged with setuid/setgid bits (04755) [ 174s] If the package is intended for inclusion in any SUSE product please open a [ 174s] bug report to request review of the package by the security team. Please [ 174s] refer to [ 174s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 174s] more information. Thank you very much in advance. This request was approved for Tumbleweed: https://bugzilla.opensuse.org/show_bug.cgi?id=1183669#c15 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200666 Bug 1200666 depends on bug 1200665, which changed state. Bug 1200665 Summary: AUDIT-0 please: security audit for permissions-file-setuid-bit http://bugzilla.opensuse.org/show_bug.cgi?id=1200665 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1200666
http://bugzilla.opensuse.org/show_bug.cgi?id=1200666#c1
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1200666
http://bugzilla.opensuse.org/show_bug.cgi?id=1200666#c2
Matthew Davis
http://bugzilla.opensuse.org/show_bug.cgi?id=1200666
http://bugzilla.opensuse.org/show_bug.cgi?id=1200666#c3
Andreas Stieger
participants (1)
-
bugzilla_noreply@suse.com