https://bugzilla.suse.com/show_bug.cgi?id=1172731
https://bugzilla.suse.com/show_bug.cgi?id=1172731#c14
Johannes Segitz changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|needinfo?(jsegitz@suse.com) |
--- Comment #14 from Johannes Segitz ---
(In reply to Axel Braun from comment #12)
Thanks for the submissions. The permissions are better, but still not perfect.
E.g. in /var/spool/hylafax/bin most files are now owned by root, but
genfontmap.ps is not. Why? PostScript is a Turing-complete language and as this
file is used in /usr/sbin/faxsetup this might be used to escalate privileges
(didn't try it).
Please reorder the file list to have all files with default permissions (e.g.
owned by root) at the top and then have the exceptions at the end. Currently
it's changed several times, which introduces unnecessary risks and makes it
hard to read.
Please check if
%{faxspool}/config/*
%{faxspool}/bin/dict/*
%{faxspool}/bin/genfontmap.ps
%{faxspool}/bin/auto-rotate.ps
%{faxspool}%{_sysconfdir}/dpsprinter.ps
%{faxspool}%{_sysconfdir}/cover.templ
%{faxspool}%{_sysconfdir}/lutRS18.pcf
%{faxspool}%{_sysconfdir}/LiberationSans-25.pcf
%config(noreplace) %{faxspool}%{_sysconfdir}/dialrules*
really need to be owned by uucp.
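Added example, not part of the bug comment or of the hylafax package: one way to review the ownership question raised above is to filter a package file listing for spool entries that a non-root account could modify. The function name, the sample listing and its owners and modes are constructed for illustration; the spool prefix is the one named in the comment.

```sh
#!/bin/sh
# Input on stdin: one "owner group perms path" line per packaged file.
# Such a listing can be produced from a built package with:
#   rpm -qp --qf '[%{FILEUSERNAME} %{FILEGROUPNAME} %{FILEMODES:perms} %{FILENAMES}\n]' pkg.rpm
# Output: "reason<TAB>path" for every entry under the prefix ($1) that is
# not owned by root, or is writable by a non-root group or by others.
audit_listing() {
    prefix=$1
    while read -r owner group perms path; do
        # Only look at files below the spool prefix.
        case $path in "$prefix"/*) ;; *) continue ;; esac
        reason=
        [ "$owner" != root ] && reason="owner=$owner"
        # perms looks like -rw-rw-r--: char 6 is group write, char 9 is other write.
        gw=$(printf '%s' "$perms" | cut -c6)
        ow=$(printf '%s' "$perms" | cut -c9)
        [ "$gw" = w ] && [ "$group" != root ] &&
            reason="${reason:+$reason,}group-writable($group)"
        [ "$ow" = w ] && reason="${reason:+$reason,}world-writable"
        [ -n "$reason" ] && printf '%s\t%s\n' "$reason" "$path"
    done
    return 0
}

# Constructed sample listing (owners and modes are illustrative, not taken
# from the real package).
sample_listing() {
cat <<'EOF'
root root -rwxr-xr-x /var/spool/hylafax/bin/auto-rotate.ps
uucp uucp -rw-r--r-- /var/spool/hylafax/bin/genfontmap.ps
root uucp -rw-rw-r-- /var/spool/hylafax/etc/cover.templ
root root -rwxr-xr-x /usr/sbin/faxsetup
EOF
}

sample_listing | audit_listing /var/spool/hylafax
```

Every line it prints is an exception to the root-owned default and should correspond to a deliberate entry at the end of the spec's file list.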