Bug ID: 1175720
Summary: New packager physlock requires suid bit root otherwise it does not work
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: All
OS: openSUSE Tumbleweed
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: email@example.com
Reporter: firstname.lastname@example.org
QA Contact: email@example.com
Found By: ---
Blocker: ---
This is what I see:
[ 7s] physlock.x86_64: W: permissions-file-setuid-bit /usr/bin/physlock is packaged with setuid/setgid bits (04755)
[ 7s] If the package is intended for inclusion in any SUSE product please open a
[ 7s] bug report to request review of the package by the security team. Please
[ 7s] refer to
[ 7s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
[ 7s] more information.
To be able to submit this package to Factory, I'd like to ask for a review by the security team.
For more information about physlock, see https://github.com/muennich/physlock as well as the manual page of the current package physlock below security repository.
--- Comment #4 from Dr. Werner Fink firstname.lastname@example.org ---
This will require some patching as physlock has to access /dev/tty0, /proc/sys/kernel/sysrq, and/or /proc/sys/kernel/printk ... Using the existing group tty is not enough, as the uid check is hard coded in the code.

--- Comment #6 from Dr. Werner Fink email@example.com ---
Hmmm ... what about group sys ... is this in use or only historical?

--- Comment #7 from Dr. Werner Fink firstname.lastname@example.org ---
I'm now simply using group root with 4750.
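
What the two modes in this report mean for who can run the binary, as an added example that is not part of the bug report or of physlock: it audits an observed owner, group and mode against an expected entry. The one-line entry layout, the root:root ownership and all function names are assumptions of this example; 04755 is taken from the rpmlint warning and 4750 from comment #7.

```python
import grp
import os
import pwd
import stat
from typing import NamedTuple


class Entry(NamedTuple):
    path: str
    owner: str
    group: str
    mode: int


def parse_entry(line):
    """Parse '<path> <owner>:<group> <octal mode>' (layout assumed for this example)."""
    path, ownership, mode = line.split()
    owner, group = ownership.split(":")
    return Entry(path, owner, group, int(mode, 8))


def audit(entry, owner, group, mode):
    """Return findings for an observed owner/group/mode versus the expected entry."""
    findings = []
    mode = stat.S_IMODE(mode)  # drop the file-type bits that os.stat() includes
    if (owner, group) != (entry.owner, entry.group):
        findings.append(f"ownership {owner}:{group}, expected {entry.owner}:{entry.group}")
    if mode != entry.mode:
        findings.append(f"mode {mode:04o}, expected {entry.mode:04o}")
    if mode & stat.S_ISUID and mode & stat.S_IXOTH:
        findings.append("setuid and executable by every local user")
    if mode & stat.S_ISUID and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("setuid and writable by group or others")
    return findings


def audit_path(entry):
    """Audit the file on disk; raises if it or its owner/group names cannot be resolved."""
    st = os.stat(entry.path)
    owner = pwd.getpwuid(st.st_uid).pw_name
    group = grp.getgrgid(st.st_gid).gr_name
    return audit(entry, owner, group, st.st_mode)


if __name__ == "__main__":
    # Constructed expected entry: mode from comment #7, ownership assumed.
    expected = parse_entry("/usr/bin/physlock root:root 4750")
    # Constructed observation: the mode rpmlint reported for the package.
    for finding in audit(expected, "root", "root", 0o104755):
        print(finding)
```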

--- Comment #11 from OBSbugzilla Bot email@example.com ---
This is an autogenerated message for OBS integration:
This bug (1175720) was mentioned in
https://build.opensuse.org/request/show/931965 15.3 / permissions