[Bug 798273] New: [13.1] ModemManager 0.8 review needed
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c0 Summary: [13.1] ModemManager 0.8 review needed Classification: openSUSE Product: openSUSE Factory Version: 12.3 Milestone 0 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: dimstar@opensuse.org QAContact: qa-bugs@suse.de Found By: --- Blocker: --- Part of GNOME 3.8 (currently prepared in GNOME:Next until factore unfreezes) brings a new versin of ModemManager. rpmlintrc gives it a score of > 70000, for new polkit and dbus services (partially renames). Please review and add polkit permissions as needed. Package can be found at https://build.opensuse.org/package/show?package=ModemManager&project=GNOME%3ANext -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c1 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[13.1] ModemManager 0.8 |AUDIT-0: [13.1] |review needed |ModemManager 0.8 review | |needed --- Comment #1 from Sebastian Krahmer <krahmer@suse.com> 2013-01-14 07:56:53 UTC --- Since understaffed, we have a large AUDIT backlog. So, this can take some time. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c2 --- Comment #2 from Dominique Leuenberger <dimstar@opensuse.org> 2013-01-14 08:40:56 UTC --- (In reply to comment #1)
Since understaffed, we have a large AUDIT backlog. So, this can take some time.
No problem (yet)... GNOME 3.8 is targeted for after openSUSE 12.3 release (end of March). for the community repo (G:S:3.8), I think we are fine with providing the package with a rpmlintrc file (disabling the warnings); once the 13.1 release opens, we'll want to push this to Factory of course, when it becomes more urgent (ETA will be mid April I guess). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c3 --- Comment #3 from Dominique Leuenberger <dimstar@opensuse.org> 2013-03-30 11:55:51 UTC --- Short update: as you surely know, Factory is open again and GNOME 3.8 is starting to flow in there... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c4 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High CC| |meissner@suse.com --- Comment #4 from Marcus Meissner <meissner@suse.com> 2013-04-03 15:58:09 UTC --- priorising up, will be taking a look soonish. (we have 50 open audit requests ... so if you need something faster tell us please) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c5 --- Comment #5 from Marcus Meissner <meissner@suse.com> 2013-04-03 16:16:25 UTC --- RPMLINT report: =============== ModemManager.x86_64: E: suse-dbus-unauthorized-service (Badness: 100) /etc/dbus-1/system.d/org.freedesktop.ModemManager1.conf ModemManager.x86_64: E: suse-dbus-unauthorized-service (Badness: 100) /usr/share/dbus-1/system-services/org.freedesktop.ModemManager1.service The package installs a DBUS system service file. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the service by the security team. ModemManager.x86_64: I: polkit-untracked-privilege org.freedesktop.ModemManager1.Control (??:no:auth_admin) ModemManager.x86_64: I: polkit-untracked-privilege org.freedesktop.ModemManager1.Firmware (??:no:auth_admin) The privilege is not listed in /etc/polkit-default-privs.* which makes it harder for admins to find. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the security team ModemManager.x86_64: E: polkit-unauthorized-privilege (Badness: 100) org.freedesktop.ModemManager1.Device.Control (??:no:auth_self_keep) ModemManager.x86_64: E: polkit-unauthorized-privilege (Badness: 100) org.freedesktop.ModemManager1.Contacts (??:no:auth_self_keep) ModemManager.x86_64: E: polkit-unauthorized-privilege (Badness: 100) org.freedesktop.ModemManager1.Messaging (??:no:auth_self_keep) ModemManager.x86_64: E: polkit-unauthorized-privilege (Badness: 100) org.freedesktop.ModemManager1.Location (??:no:auth_self_keep) ModemManager.x86_64: E: polkit-unauthorized-privilege (Badness: 100) org.freedesktop.ModemManager1.USSD (??:no:yes) The package allows unprivileged users to carry out privileged operations without authentication. This could cause security problems if not done carefully. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the security team ModemManager.x86_64: I: polkit-cant-acquire-privilege org.freedesktop.ModemManager1.Control (??:no:auth_admin) ModemManager.x86_64: I: polkit-cant-acquire-privilege org.freedesktop.ModemManager1.Device.Control (??:no:auth_self_keep) ModemManager.x86_64: I: polkit-cant-acquire-privilege org.freedesktop.ModemManager1.Contacts (??:no:auth_self_keep) ModemManager.x86_64: I: polkit-cant-acquire-privilege org.freedesktop.ModemManager1.Messaging (??:no:auth_self_keep) ModemManager.x86_64: I: polkit-cant-acquire-privilege org.freedesktop.ModemManager1.Location (??:no:auth_self_keep) ModemManager.x86_64: I: polkit-cant-acquire-privilege org.freedesktop.ModemManager1.USSD (??:no:yes) ModemManager.x86_64: I: polkit-cant-acquire-privilege org.freedesktop.ModemManager1.Firmware (??:no:auth_admin) Usability can be improved by allowing users to acquire privileges via authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define 'allow_any'. This is an issue only if the privilege is not listed in /etc /polkit-default-privs.* -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c6 --- Comment #6 from Marcus Meissner <meissner@suse.com> 2013-04-15 15:59:52 UTC --- lets try a bit more relaxed methods than with the old interface. # ModemManager1 (bnc#798273) org.freedesktop.ModemManager1.Control auth_admin org.freedesktop.ModemManager1.Device.Control auth_admin org.freedesktop.ModemManager1.Contacts auth_admin:auth_admin:auth_self_keep org.freedesktop.ModemManager1.Messaging auth_admin:auth_admin:auth_self_keep org.freedesktop.ModemManager1.Location auth_admin:auth_admin:auth_self_keep org.freedesktop.ModemManager1.Firmware auth_admin Things were you can brick the device are still auth_admin. Messaging, Location and Contacts are auth_self_keep (for active desktop) USSD is also some form of messaging, but probably unused. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c7 --- Comment #7 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-04-16 07:00:16 CEST --- This is an autogenerated message for OBS integration: This bug (798273) was mentioned in https://build.opensuse.org/request/show/170884 Factory / rpmlint -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c8 --- Comment #8 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-04-16 10:00:08 CEST --- This is an autogenerated message for OBS integration: This bug (798273) was mentioned in https://build.opensuse.org/request/show/170985 Factory / polkit-default-privs -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=798273 https://bugzilla.novell.com/show_bug.cgi?id=798273#c9 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #9 from Marcus Meissner <meissner@suse.com> 2013-04-16 08:43:24 UTC --- done. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com