https://bugzilla.suse.com/show_bug.cgi?id=1172731 https://bugzilla.suse.com/show_bug.cgi?id=1172731#c14 Johannes Segitz changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(jsegitz@suse.com) | --- Comment #14 from Johannes Segitz --- (In reply to Axel Braun from comment #12) Thanks for the submissions. The permissions are better, but still not perfect. E.g. in /var/spool/hylafax/bin most files are now owned by root, but genfontmap.ps is not. Why? Postscript is a turing complete language and as this file is used in /usr/sbin/faxsetup this might be used to escalate privileges (didn't try it). Please reorder the file list to have all files with default permissions (e.g. owned by root) at the top and then have the exeptions at the end. Currently it's changed several times, which introduces unnecessary risks and makes it hard to read. Please check if %{faxspool}/config/* %{faxspool}/bin/dict/* %{faxspool}/bin/genfontmap.ps %{faxspool}/bin/auto-rotate.ps %{faxspool}%{_sysconfdir}/dpsprinter.ps %{faxspool}%{_sysconfdir}/cover.templ %{faxspool}%{_sysconfdir}/lutRS18.pcf %{faxspool}%{_sysconfdir}/LiberationSans-25.pcf %config(noreplace) %{faxspool}%{_sysconfdir}/dialrules* really need to be owned by uucp -- You are receiving this mail because: You are on the CC list for the bug.