https://bugzilla.suse.com/show_bug.cgi?id=1232244 Bug ID: 1232244 Summary: AUDIT-0: xfce4-power-manager: New PolKit rules added Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: manfred.h@gmx.net QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 878186 --> https://bugzilla.suse.com/attachment.cgi?id=878186&action=edit Full build log xfce4-power-manager-4.19.3 has added polkit rules [ 43s] RPMLINT report: [ 43s] =============== [ 44s] xfce4-power-manager.x86_64: E: polkit-unauthorized-privilege (Badness: 10000) org.xfce.power.xfce4-pm-helper (auth_admin:auth_admin:yes) [ 44s] The package allows unprivileged users to carry out privileged operations [ 44s] without authentication. This could cause security problems if not done [ 44s] carefully. If the package is intended for inclusion in any SUSE product please [ 44s] open a bug report to request review of the package by the security team. [ 44s] Please refer to [ 44s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 44s] more information. [ 44s] [ 44s] (none): E: badness 10000 exceeds threshold 1000, aborting. OBS repo: https://build.opensuse.org/package/show/home:manfred-h:X11:xfce:4.19/xfce4-p... -- You are receiving this mail because: You are on the CC list for the bug.