Andrei Borzenkov wrote;
This appears to be local SUSE patch which additionally resets supplementary groups. There is not much info in changelog and OBS is not entirely helpful in browsing historical versions either, but for all I can tell patch is quite old. Behavior is present in Leap 42.3 already.
Why does opensuse allow this nonsense? Someone up and applies a patch without it being documented very well and don't even bother to update the associated manpages. Then people wonder why things break randomly. I've heard from people outside of suse, years ago, that open suse's releases were known to have little documented and little known patches that caused O.S. built binaries to not behave as the same programs on other OS's. To the point that opensuse had a reputation for having flakey behaviors in their programs. I didn't know what to say when I heard this, AFAIKnew it was FUD, but I've seen more than one patch like this -- with little justification or documentation. The problem is, that some of them, like this one, affect security. This makes me more than a little less trusting of open-suse patched binaries when it comes to compatibility and documented security behaviors. I ran into a similar attitude that repurposed a pam file for setting the environment once/login session to once per suse-session initialization. Problem was, they aren't the same -- critical security information like how the original logged-in user logged into the system was thrown away (with a side effect of killing a remote display due to the remote host no longer being known). I was told suse was repurposing this for their own session usage and my original usage as documented in the module notes, was no longer important/relevant or whatever. I could enumerate more issues that fit the same pattern, but it seems like someone "in charge" of a program can make changes pretty much however they see fit. Many times over past versions many of these changes cause innumerable problems that are very hard to track down, because no one expects changes of this type -- making such changes lightly would be too likely to cause incompatiblities with other people's usage. On the pam issue I asked why they couldn't fork the module under a new name for suse's session definition use. Nah, not worth it was basically the message I got. Many of those issues I did file bugs on only to have the bug rejected. What's amusing is that on visible things, I'll be told suse stays well behind the curve so as to not cause incompatibilities -- meaning it's only little changes that are not that visible that get changed leaving someone to wonder what happened, and if it will be fixed before some 2-3 year time period is passed and the version they filed it against is no longer supported. I don't know the fix, but it seems like a problem not likely to engender trust and confidence when encountering problems -- especially in things that "used to work". I doubt things can change, it seems to easy to add changes like this, under-the-radar -- which again, seems to be pointing to a huge potential for security issues either accidently or otherwise. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org