commit permissions for openSUSE:Factory
Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at Wed Sep 21 17:17:17 CEST 2011. -------- --- permissions/permissions.changes 2011-06-28 14:53:50.000000000 +0200 +++ /mounts/work_src_done/STABLE/permissions/permissions.changes 2011-09-21 10:01:31.000000000 +0200 @@ -1,0 +2,18 @@ +Wed Sep 21 08:00:28 UTC 2011 - lnussel@suse.de + +- fix typo in path + +------------------------------------------------------------------- +Tue Sep 20 14:47:30 UTC 2011 - lnussel@suse.de + +- remove world writable /var/crash again (bnc#438041) +- remove world writable permissions from /usr/src/packages (bnc#719217) + +------------------------------------------------------------------- +Tue Sep 20 13:38:48 UTC 2011 - lnussel@suse.de + +- add chromium browser sandbox helper (bnc#718016) +- don't offer PERMISSION_SECURITY in config anymore +- remove setgid games bits (bnc#429882) + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- permissions-2011.06.28.1452.tar.bz2 New: ---- permissions-2011.09.21.1000.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ --- /var/tmp/diff_new_pack.gu3k8q/_old 2011-09-21 17:17:12.000000000 +0200 +++ /var/tmp/diff_new_pack.gu3k8q/_new 2011-09-21 17:17:12.000000000 +0200 
@@ -24,7 +24,7 @@ License: GPLv2+ Group: Productivity/Security AutoReqProv: on -Version: 2011.06.28.1452 +Version: 2011.09.21.1000 Release: 1 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++++++ permissions-2011.06.28.1452.tar.bz2 -> permissions-2011.09.21.1000.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.06.28.1452/permissions new/permissions-2011.09.21.1000/permissions --- old/permissions-2011.06.28.1452/permissions 2011-06-28 14:52:01.000000000 +0200 +++ new/permissions-2011.09.21.1000/permissions 2011-09-21 10:00:05.000000000 +0200 
@@ -167,12 +167,53 @@ /lib/udev/devices/zero root:root 0666 # -# directory for system crash dumps (#438041) -# -/var/crash/ root:root 1777 - -# # named chroot (#438045) # /var/lib/named/dev/null root:root 0666 /var/lib/named/dev/random root:root 0666 + +# we no longer make rpm build dirs 1777 +/usr/src/packages/SOURCES/ root:root 0755 +/usr/src/packages/BUILD/ root:root 0755 +/usr/src/packages/BUILDROOT/ root:root 0755 +/usr/src/packages/RPMS/ root:root 0755 +/usr/src/packages/RPMS/alphaev56/ root:root 0755 +/usr/src/packages/RPMS/alphaev67/ root:root 0755 +/usr/src/packages/RPMS/alphaev6/ root:root 0755 +/usr/src/packages/RPMS/alpha/ root:root 0755 +/usr/src/packages/RPMS/amd64/ root:root 0755 +/usr/src/packages/RPMS/arm4l/ root:root 0755 +/usr/src/packages/RPMS/armv4l/ root:root 0755 +/usr/src/packages/RPMS/armv5tejl/ root:root 0755 +/usr/src/packages/RPMS/armv5tejvl/ root:root 0755 +/usr/src/packages/RPMS/armv5tel/ root:root 0755 +/usr/src/packages/RPMS/armv5tevl/ root:root 0755 +/usr/src/packages/RPMS/armv6l/ root:root 0755 +/usr/src/packages/RPMS/armv6vl/ root:root 0755 +/usr/src/packages/RPMS/armv7l/ root:root 0755 +/usr/src/packages/RPMS/athlon/ root:root 0755 +/usr/src/packages/RPMS/geode/ root:root 0755 +/usr/src/packages/RPMS/hppa2.0/ root:root 0755 +/usr/src/packages/RPMS/hppa/ root:root 0755 +/usr/src/packages/RPMS/i386/ root:root 0755 +/usr/src/packages/RPMS/i486/ root:root 0755 +/usr/src/packages/RPMS/i586/ root:root 0755 +/usr/src/packages/RPMS/i686/ root:root 0755 +/usr/src/packages/RPMS/ia32e/ root:root 0755 +/usr/src/packages/RPMS/ia64/ root:root 0755 +/usr/src/packages/RPMS/mips/ root:root 0755 +/usr/src/packages/RPMS/noarch/ root:root 0755 +/usr/src/packages/RPMS/pentium3/ root:root 0755 +/usr/src/packages/RPMS/pentium4/ root:root 0755 +/usr/src/packages/RPMS/powerpc64/ root:root 0755 +/usr/src/packages/RPMS/powerpc/ root:root 0755 +/usr/src/packages/RPMS/ppc64/ root:root 0755 +/usr/src/packages/RPMS/ppc/ root:root 0755 
+/usr/src/packages/RPMS/s390/ root:root 0755
+/usr/src/packages/RPMS/s390x/ root:root 0755
+/usr/src/packages/RPMS/sparc64/ root:root 0755
+/usr/src/packages/RPMS/sparc/ root:root 0755
+/usr/src/packages/RPMS/sparcv9/ root:root 0755
+/usr/src/packages/RPMS/x86_64/ root:root 0755
+/usr/src/packages/SPECS/ root:root 0755
+/usr/src/packages/SRPMS/ root:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.06.28.1452/permissions.easy new/permissions-2011.09.21.1000/permissions.easy
--- old/permissions-2011.06.28.1452/permissions.easy 2011-06-28 14:52:01.000000000 +0200
+++ new/permissions-2011.09.21.1000/permissions.easy 2011-09-21 10:00:05.000000000 +0200
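Review bot: The `/usr/src/packages/...` entries added to the base `permissions` file at `0755` also loosen the paranoid profile, which held the same directories at `700` until this commit deletes them from `permissions.paranoid`. If profile files are still meant to override the base file, keeping lines such as `/usr/src/packages/BUILD/ root:root 700` in `permissions.paranoid` would preserve the stricter mode there. Separately, the `/var/crash/ root:root 1777` entry is dropped rather than replaced, and nothing visible in this hunk resets the mode, so already-installed systems probably keep the world-writable directory. An explicit entry with the intended non-world-writable mode would make the change take effect on upgrade.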
@@ -85,48 +85,6 @@ # # mixed section: # -######################################################################### -# rpm subsystem: -/usr/src/packages/SOURCES/ root:root 1777 -/usr/src/packages/BUILD/ root:root 1777 -/usr/src/packages/BUILDROOT/ root:root 1777 -/usr/src/packages/RPMS/ root:root 1777 -/usr/src/packages/RPMS/alpha/ root:root 1777 -/usr/src/packages/RPMS/alphaev56/ root:root 1777 -/usr/src/packages/RPMS/alphaev67/ root:root 1777 -/usr/src/packages/RPMS/alphaev6/ root:root 1777 -/usr/src/packages/RPMS/arm4l/ root:root 1777 -/usr/src/packages/RPMS/athlon/ root:root 1777 -/usr/src/packages/RPMS/i386/ root:root 1777 -/usr/src/packages/RPMS/i486/ root:root 1777 -/usr/src/packages/RPMS/i586/ root:root 1777 -/usr/src/packages/RPMS/i686/ root:root 1777 -/usr/src/packages/RPMS/ia64/ root:root 1777 -/usr/src/packages/RPMS/mips/ root:root 1777 -/usr/src/packages/RPMS/ppc/ root:root 1777 -/usr/src/packages/RPMS/ppc64/ root:root 1777 -/usr/src/packages/RPMS/powerpc/ root:root 1777 -/usr/src/packages/RPMS/powerpc64/ root:root 1777 -/usr/src/packages/RPMS/s390/ root:root 1777 -/usr/src/packages/RPMS/s390x/ root:root 1777 -/usr/src/packages/RPMS/sparc/ root:root 1777 -/usr/src/packages/RPMS/sparcv9/ root:root 1777 -/usr/src/packages/RPMS/sparc64/ root:root 1777 -/usr/src/packages/RPMS/x86_64/ root:root 1777 -/usr/src/packages/RPMS/armv4l/ root:root 1777 -/usr/src/packages/RPMS/armv5tel/ root:root 1777 -/usr/src/packages/RPMS/armv5tevl/ root:root 1777 -/usr/src/packages/RPMS/armv5tejl/ root:root 1777 -/usr/src/packages/RPMS/armv5tejvl/ root:root 1777 -/usr/src/packages/RPMS/armv6l/ root:root 1777 -/usr/src/packages/RPMS/armv6vl/ root:root 1777 -/usr/src/packages/RPMS/armv7l/ root:root 1777 -/usr/src/packages/RPMS/hppa/ root:root 1777 -/usr/src/packages/RPMS/hppa2.0/ root:root 1777 -/usr/src/packages/RPMS/noarch/ root:root 1777 -/usr/src/packages/SPECS/ root:root 1777 -/usr/src/packages/SRPMS/ root:root 1777 
-######################################################################### # video /usr/bin/v4l-conf root:video 4755 # Itanium ia32 emulator @@ -316,68 +274,6 @@ /usr/lib/uucp/uucico uucp:uucp 6555 /usr/lib/uucp/uuxqt uucp:uucp 6555 - -# -# games of all kinds, toys -# - -# bsd-games -/usr/games/atc games:games 2755 -/usr/games/battlestar games:games 2755 -/usr/games/canfield games:games 2755 -/usr/games/cribbage games:games 2755 -/usr/games/phantasia games:games 2755 -/usr/games/robots games:games 2755 -/usr/games/sail games:games 2755 -/usr/games/snake games:games 2755 -/usr/games/tetris-bsd games:games 2755 - -# Maelstrom -/usr/games/Maelstrom games:games 2755 - -# pachi -/usr/games/pachi games:games 2755 -/usr/games/martian games:games 2755 - -# nethack -/usr/lib/nethack/nethack.tty games:games 2755 - -# chromium, -/usr/games/chromium games:games 2755 - -# xscrabble -/usr/games/xscrab games:games 2755 - -# trackballs -/usr/games/trackballs games:games 2755 - -# ltris -/usr/games/ltris games:games 2755 - -# xlogical -/usr/games/xlogical games:games 2755 - -# lbreakout -/usr/games/lbreakout2 games:games 2755 - -# xgalaga -/usr/bin/xgalaga games:games 2755 - -# rocksndiamonds -/usr/games/rocksndiamonds games:games 2755 - -# gnome-games -/usr/bin/glines games:games 2755 -/usr/bin/gnibbles games:games 2755 -/usr/bin/gnobots2 games:games 2755 -/usr/bin/gnometris games:games 2755 -/usr/bin/gnomine games:games 2755 -/usr/bin/gnotravex games:games 2755 -/usr/bin/gnotski games:games 2755 -/usr/bin/gtali games:games 2755 -/usr/bin/mahjongg games:games 2755 -/usr/bin/same-gnome games:games 2755 - # zypp (#385207) /usr/sbin/zypp-refresh-wrapper root:root 4755 
@@ -421,3 +317,5 @@ /usr/sbin/hawk_chkpwd root:haclient 4750 /usr/sbin/hawk_invoke root:haclient 4750 +# chromium (bnc#718016) +/usr/lib/chrome_sandbox root:root 4755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.06.28.1452/permissions.paranoid new/permissions-2011.09.21.1000/permissions.paranoid --- old/permissions-2011.06.28.1452/permissions.paranoid 2011-06-28 14:52:01.000000000 +0200 +++ new/permissions-2011.09.21.1000/permissions.paranoid 2011-09-21 10:00:05.000000000 +0200 
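Review bot: The new `/usr/lib/chrome_sandbox root:root 4755` entry makes a helper setuid root, but the comment above it carries only the bug number. A line such as `# chromium setuid sandbox helper; needs root to set up the renderer sandbox (bnc#718016)` would tell an auditor why the bit is there. It would also mark the binary as one to keep on the setuid review list whenever the browser package is updated.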
@@ -100,48 +100,6 @@ # # mixed section: most of it is disabled in this permissions.secure: # -######################################################################### -# rpm subsystem: -/usr/src/packages/SOURCES/ root:root 700 -/usr/src/packages/BUILD/ root:root 700 -/usr/src/packages/BUILDROOT/ root:root 700 -/usr/src/packages/RPMS/ root:root 700 -/usr/src/packages/RPMS/alpha/ root:root 700 -/usr/src/packages/RPMS/alphaev56/ root:root 700 -/usr/src/packages/RPMS/alphaev67/ root:root 700 -/usr/src/packages/RPMS/alphaev6/ root:root 700 -/usr/src/packages/RPMS/arm4l/ root:root 700 -/usr/src/packages/RPMS/athlon/ root:root 700 -/usr/src/packages/RPMS/i386/ root:root 700 -/usr/src/packages/RPMS/i486/ root:root 700 -/usr/src/packages/RPMS/i586/ root:root 700 -/usr/src/packages/RPMS/i686/ root:root 700 -/usr/src/packages/RPMS/ia64/ root:root 700 -/usr/src/packages/RPMS/mips/ root:root 700 -/usr/src/packages/RPMS/ppc/ root:root 700 -/usr/src/packages/RPMS/ppc64/ root:root 700 -/usr/src/packages/RPMS/powerpc/ root:root 700 -/usr/src/packages/RPMS/powerpc64/ root:root 700 -/usr/src/packages/RPMS/s390/ root:root 700 -/usr/src/packages/RPMS/s390x/ root:root 700 -/usr/src/packages/RPMS/sparc/ root:root 700 -/usr/src/packages/RPMS/sparcv9/ root:root 700 -/usr/src/packages/RPMS/sparc64/ root:root 700 -/usr/src/packages/RPMS/x86_64/ root:root 700 -/usr/src/packages/RPMS/armv4l/ root:root 700 -/usr/src/packages/RPMS/armv5tel/ root:root 700 -/usr/src/packages/RPMS/armv5tevl/ root:root 700 -/usr/src/packages/RPMS/armv5tejl/ root:root 700 -/usr/src/packages/RPMS/armv5tejvl/ root:root 700 -/usr/src/packages/RPMS/armv6l/ root:root 700 -/usr/src/packages/RPMS/armv6vl/ root:root 700 -/usr/src/packages/RPMS/armv7l/ root:root 700 -/usr/src/packages/RPMS/hppa/ root:root 700 -/usr/src/packages/RPMS/hppa2.0/ root:root 700 -/usr/src/packages/RPMS/noarch/ root:root 700 -/usr/src/packages/SPECS/ root:root 700 -/usr/src/packages/SRPMS/ root:root 700 
-######################################################################### # video /usr/bin/v4l-conf root:video 0755 # Itanium ia32 emulator @@ -328,68 +286,6 @@ /usr/lib/uucp/uucico uucp:uucp 0555 /usr/lib/uucp/uuxqt uucp:uucp 0555 - -# -# games of all kinds, toys -# - -# bsd-games -/usr/games/atc games:games 0755 -/usr/games/battlestar games:games 0755 -/usr/games/canfield games:games 0755 -/usr/games/cribbage games:games 0755 -/usr/games/phantasia games:games 0755 -/usr/games/robots games:games 0755 -/usr/games/sail games:games 0755 -/usr/games/snake games:games 0755 -/usr/games/tetris-bsd games:games 0755 - -# Maelstrom -/usr/games/Maelstrom games:games 0755 - -# pachi -/usr/games/pachi games:games 0755 -/usr/games/martian games:games 0755 - -# nethack -/usr/lib/nethack/nethack.tty games:games 0755 - -# chromium, -/usr/games/chromium games:games 0755 - -# xscrabble -/usr/games/xscrab games:games 0755 - -# trackballs -/usr/games/trackballs games:games 0755 - -# ltris -/usr/games/ltris games:games 0755 - -# xlogical -/usr/games/xlogical games:games 0755 - -# lbreakout -/usr/games/lbreakout2 games:games 0755 - -# xgalaga -/usr/bin/xgalaga games:games 0755 - -# rocksndiamonds -/usr/games/rocksndiamonds games:games 0755 - -# gnome-games -/usr/bin/glines games:games 0755 -/usr/bin/gnibbles games:games 0755 -/usr/bin/gnobots2 games:games 0755 -/usr/bin/gnometris games:games 0755 -/usr/bin/gnomine games:games 0755 -/usr/bin/gnotravex games:games 0755 -/usr/bin/gnotski games:games 0755 -/usr/bin/gtali games:games 0755 -/usr/bin/mahjongg games:games 0755 -/usr/bin/same-gnome games:games 0755 - # zypp (#385207) /usr/sbin/zypp-refresh-wrapper root:root 0755 
@@ -432,3 +328,6 @@ # hawk (bnc#665045) /usr/sbin/hawk_chkpwd root:haclient 0755 /usr/sbin/hawk_invoke root:haclient 0755 + +# chromium (bnc#718016) +/usr/lib/chrome_sandbox root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.06.28.1452/permissions.secure new/permissions-2011.09.21.1000/permissions.secure --- old/permissions-2011.06.28.1452/permissions.secure 2011-06-28 14:52:01.000000000 +0200 +++ new/permissions-2011.09.21.1000/permissions.secure 2011-09-21 10:00:05.000000000 +0200 
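Review bot: Setting `/usr/lib/chrome_sandbox` to `0755` here, and again in the `permissions.secure` hunk further down, strips the setuid bit the helper depends on, so on these profiles Chromium presumably cannot use its setuid sandbox at all. Depending on the browser version, it then either refuses to start or runs its renderers without that isolation layer, which is weaker than the `easy` profile's `4755`. For `permissions.secure`, which still keeps `4750` on the hawk helpers, consider `/usr/lib/chrome_sandbox root:root 4755`. At minimum, a comment should state that the sandbox helper is deliberately disabled at this level.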
@@ -123,48 +123,6 @@ # # mixed section: most of it is disabled in this permissions.secure: # -######################################################################### -# rpm subsystem: -/usr/src/packages/SOURCES/ root:root 755 -/usr/src/packages/BUILD/ root:root 755 -/usr/src/packages/BUILDROOT/ root:root 755 -/usr/src/packages/RPMS/ root:root 755 -/usr/src/packages/RPMS/alpha/ root:root 755 -/usr/src/packages/RPMS/alphaev56/ root:root 755 -/usr/src/packages/RPMS/alphaev67/ root:root 755 -/usr/src/packages/RPMS/alphaev6/ root:root 755 -/usr/src/packages/RPMS/arm4l/ root:root 755 -/usr/src/packages/RPMS/athlon/ root:root 755 -/usr/src/packages/RPMS/i386/ root:root 755 -/usr/src/packages/RPMS/i486/ root:root 755 -/usr/src/packages/RPMS/i586/ root:root 755 -/usr/src/packages/RPMS/i686/ root:root 755 -/usr/src/packages/RPMS/ia64/ root:root 755 -/usr/src/packages/RPMS/mips/ root:root 755 -/usr/src/packages/RPMS/ppc/ root:root 755 -/usr/src/packages/RPMS/ppc64/ root:root 755 -/usr/src/packages/RPMS/powerpc/ root:root 755 -/usr/src/packages/RPMS/powerpc64/ root:root 755 -/usr/src/packages/RPMS/s390/ root:root 755 -/usr/src/packages/RPMS/s390x/ root:root 755 -/usr/src/packages/RPMS/sparc/ root:root 755 -/usr/src/packages/RPMS/sparcv9/ root:root 755 -/usr/src/packages/RPMS/sparc64/ root:root 755 -/usr/src/packages/RPMS/x86_64/ root:root 755 -/usr/src/packages/RPMS/armv4l/ root:root 755 -/usr/src/packages/RPMS/armv5tel/ root:root 755 -/usr/src/packages/RPMS/armv5tevl/ root:root 755 -/usr/src/packages/RPMS/armv5tejl/ root:root 755 -/usr/src/packages/RPMS/armv5tejvl/ root:root 755 -/usr/src/packages/RPMS/armv6l/ root:root 755 -/usr/src/packages/RPMS/armv6vl/ root:root 755 -/usr/src/packages/RPMS/armv7l/ root:root 755 -/usr/src/packages/RPMS/hppa/ root:root 755 -/usr/src/packages/RPMS/hppa2.0/ root:root 755 -/usr/src/packages/RPMS/noarch/ root:root 755 -/usr/src/packages/SPECS/ root:root 755 -/usr/src/packages/SRPMS/ root:root 755 
-######################################################################### # video /usr/bin/v4l-conf root:video 4750 # Itanium ia32 emulator @@ -354,69 +312,6 @@ /usr/lib/uucp/uucico uucp:uucp 6555 /usr/lib/uucp/uuxqt uucp:uucp 6555 - -# -# games of all kinds, toys -# all suid and sgid bits cleared. -# - -# bsd-games -/usr/games/atc games:games 0755 -/usr/games/battlestar games:games 0755 -/usr/games/canfield games:games 0755 -/usr/games/cribbage games:games 0755 -/usr/games/phantasia games:games 0755 -/usr/games/robots games:games 0755 -/usr/games/sail games:games 0755 -/usr/games/snake games:games 0755 -/usr/games/tetris-bsd games:games 0755 - -# Maelstrom -/usr/games/Maelstrom games:games 0755 - -# pachi -/usr/games/pachi games:games 0755 -/usr/games/martian games:games 0755 - -# nethack -/usr/lib/nethack/nethack.tty games:games 0755 - -# chromium, -/usr/games/chromium games:games 0755 - -# xscrabble -/usr/games/xscrab games:games 0755 - -# trackballs -/usr/games/trackballs games:games 0755 - -# ltris -/usr/games/ltris games:games 0755 - -# xlogical -/usr/games/xlogical games:games 0755 - -# lbreakout -/usr/games/lbreakout2 games:games 0755 - -# xgalaga -/usr/bin/xgalaga games:games 0755 - -# rocksndiamonds -/usr/games/rocksndiamonds games:games 0755 - -# gnome-games -/usr/bin/glines games:games 0755 -/usr/bin/gnibbles games:games 0755 -/usr/bin/gnobots2 games:games 0755 -/usr/bin/gnometris games:games 0755 -/usr/bin/gnomine games:games 0755 -/usr/bin/gnotravex games:games 0755 -/usr/bin/gnotski games:games 0755 -/usr/bin/gtali games:games 0755 -/usr/bin/mahjongg games:games 0755 -/usr/bin/same-gnome games:games 0755 - # zypp (#385207) /usr/sbin/zypp-refresh-wrapper root:root 0755 
@@ -459,3 +354,6 @@ # hawk (bnc#665045) /usr/sbin/hawk_chkpwd root:haclient 4750 /usr/sbin/hawk_invoke root:haclient 4750 + +# chromium (bnc#718016) +/usr/lib/chrome_sandbox root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2011.06.28.1452/sysconfig.security new/permissions-2011.09.21.1000/sysconfig.security --- old/permissions-2011.06.28.1452/sysconfig.security 2011-06-28 14:52:01.000000000 +0200 +++ new/permissions-2011.09.21.1000/sysconfig.security 2011-09-21 10:00:05.000000000 +0200 @@ -1,25 +1,10 @@ ## Path: System/Security/Permissions ## Description: Configuration of permissions on the system -## Type: list(set,warn,no) -## Default: set -## Config: permissions -# -# SuSEconfig can call chkstat to check permissions and ownerships for -# files and directories (using /etc/permissions). -# Setting to "set" will correct it, "warn" produces warnings, if -# something strange is found. Disable this feature with "no". -# -CHECK_PERMISSIONS="set" - ## Type: string ## Default: "easy local" # -# SuSE Linux contains two different configurations for -# chkstat. The differences can be found in /etc/permissions.secure -# and /etc/permissions.easy. If you create your own configuration -# (e.g. permissions.foo), you can enter the extension here as well. -# -# (easy/secure local foo whateveryouwant). +# Permission settings to use. By default 'easy', 'secure' and +# 'paranoid' exist. You may define your own though. # PERMISSION_SECURITY="easy local" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
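Review bot: The `sysconfig.security` hunk removes `CHECK_PERMISSIONS` and keeps `PERMISSION_SECURITY`, while the changelog entry in this same commit says it is PERMISSION_SECURITY that is no longer offered, so one of the two appears mislabelled. The new comment also gives no hint to an administrator who had set `CHECK_PERMISSIONS="warn"` or `"no"` about what happens after the upgrade. If the variable is now ignored and permissions are always set, a line such as `# CHECK_PERMISSIONS is no longer evaluated; permissions are always applied` would make that visible. The rewritten text names 'easy', 'secure' and 'paranoid' but no longer explains the `local` part of the default `"easy local"`.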