On Mon, Nov 06, 2006 at 10:31:04AM +0100, Christoph Thiel wrote:
Christian, many thanks for sharing these with us!
On Sun, Nov 05, 2006 at 08:32:57PM +0100, Christian Boltz wrote:
My candidates:
https://bugzilla.novell.com/show_bug.cgi?id=216485 opensuse-updater shows error message in tooltip zypp-checkpatches-wrapper does not get the suid-root bit if running with permissions.secure. This makes opensuse-updater unuseable. Please reconsider the settings for permissions.secure (or remove zmd when running with permissions.secure - I consider its broken permission concept more critical ;-)
Let's get the security teams point of view here.
Rational: You likely do not want users to be able to run system administrator tasks in "secure" mode at all, without root password protection. It should probably not start opensuse-updater then. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org