The recent coreutils update (coreutils-8.14-3.11.1.x86_64) on opensuse
12.2 applied using 'zypper patch' has changed the permissions of
< -rwsr-x--- 1 root support 39984 2012-09-25 14:40:45.000000000 +0100 /bin/su
> -rwsr-xr-x 1 root root 39984 2012-11-12 13:57:18.000000000 +0000 /bin/su
The result is that a security barrier has been silently removed.
Should not the patch process ensure that settings in
/etc/permissions.local are honoured?
We have ENABLE_SUSECONFIG="yes"
Bob Vickers R.Vickers(a)cs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org