[Bug 1125433] New: gvfs: removal of /usr/share/polkit-1/rules.d/org.gtk.vfs.file-operations.rules
http://bugzilla.suse.com/show_bug.cgi?id=1125433 Bug ID: 1125433 Summary: gvfs: removal of /usr/share/polkit-1/rules.d/org.gtk.vfs.file-operation s.rules Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: bnc-team-gnome@forge.provo.novell.com Reporter: matthias.gerstner@suse.com QA Contact: qa-bugs@suse.de CC: security-team@suse.de Found By: --- Blocker: --- As described in bug 1125314 we want to remove polkit rules files that grant members of the wheel group special privileges. gvfsd-backends ships one such rules file in /usr/share/polkit-1/rules.d/org.gtk.vfs.file-operations.rules. This file is currently not effective anyways, because the polkit-default-privs take precendence over it. I suggest to move this file to /usr/share/doc/... as an example for users that want to manually enable this rule on their system. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1125314 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 http://bugzilla.suse.com/show_bug.cgi?id=1125433#c1 --- Comment #1 from Matthias Gerstner <matthias.gerstner@suse.com> --- A new rpmlint-check is effective in Factory by now that generates a warning about files installed in rules.d without a whitelisting. In a while we will make this an error. So please adjust your package accordingly to avoid a broken build. Thank you. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 http://bugzilla.suse.com/show_bug.cgi?id=1125433#c2 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dimstar@opensuse.org, | |sreeves@suse.com --- Comment #2 from Matthias Gerstner <matthias.gerstner@suse.com> --- This is a friendly reminder to work on this topic. In a while the new rpmlint check will cause badness and thus the package build will fail if this is not adjusted accordingly. Thank you! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 http://bugzilla.suse.com/show_bug.cgi?id=1125433#c3 Scott Reeves <sreeves@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bnc-team-gnome@forge.provo. |mgorse@suse.com |novell.com | --- Comment #3 from Scott Reeves <sreeves@suse.com> --- Mike - can you take this one. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |maint:planned:update -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:planned:update |ibs:running:11406:moderate -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:11406:moderate |ibs:running:11406:important -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 http://bugzilla.suse.com/show_bug.cgi?id=1125433#c9 --- Comment #9 from Swamp Workflow Management <swamp@suse.de> --- SUSE-SU-2019:1717-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1125433,1136981,1136986,1136992,1137930 CVE References: CVE-2019-12447,CVE-2019-12448,CVE-2019-12449,CVE-2019-12795 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): gvfs-1.34.2.1-4.13.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): gvfs-1.34.2.1-4.13.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): gvfs-1.34.2.1-4.13.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:11406:important | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |obs:running:10541:important | |obs:running:10540:important -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 http://bugzilla.suse.com/show_bug.cgi?id=1125433#c10 --- Comment #10 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2019:1699-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1125433,1136981,1136986,1136992,1137930 CVE References: CVE-2019-12447,CVE-2019-12448,CVE-2019-12449,CVE-2019-12795 Sources used: openSUSE Leap 15.0 (src): gvfs-1.34.2.1-lp150.3.10.1 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 http://bugzilla.suse.com/show_bug.cgi?id=1125433#c11 --- Comment #11 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2019:1697-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1125433,1136981,1136986,1136992,1137930 CVE References: CVE-2019-12447,CVE-2019-12448,CVE-2019-12449,CVE-2019-12795 Sources used: openSUSE Leap 15.1 (src): gvfs-1.34.2.1-lp151.6.3.1 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1125433 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|obs:running:10541:important | |obs:running:10540:important | -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1125433 https://bugzilla.suse.com/show_bug.cgi?id=1125433#c14 --- Comment #14 from Matthias Gerstner <matthias.gerstner@suse.com> --- (In reply to bjorn.lie@gmail.com from comment #12)
I'd like to reopen this
The premise in comment 1 is wrong.
You probably mean comment 0 "This file is currently not effective anyways", no? Can you please open a separate bug instead of reopening this one? This bug was about the removal of the rules, which took already place, if you want it to be re-added then please open a new bug referencing this one and explaining your reasons. In the meanwhile I will investigate the current situation on Tumbleweed. -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com