https://bugzilla.suse.com/show_bug.cgi?id=1216832 Bug ID: 1216832 Summary: whitelisting of new polkit files for fwupd 1.9.7 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: dimstar@opensuse.org QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Package can be found in home:dimstar:Factory/fwupd [ 114s] fwupd.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.freedesktop.fwupd.fix-host-security-attr (auth_admin:no:auth_admin) [ 114s] fwupd.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.freedesktop.fwupd.undo-host-security-attr (auth_admin:no:auth_admin) [ 114s] The polkit action is not listed in the polkit-default-privs profiles which [ 114s] makes it harder for admins to find. Furthermore improper polkit authorization [ 114s] checks can easily introduce security issues. If the package is intended for [ 114s] inclusion in any SUSE product please open a bug report to request review of [ 114s] the package by the security team. Please refer to [ 114s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 114s] more information. -- You are receiving this mail because: You are on the CC list for the bug.