Mailinglist Archive: opensuse-bugs (2150 mails)

[Bug 872276] New: libKF5Su5.x86_64: E: permissions-file-setuid-bit (Badness: 10000) /usr/lib64/kde5/libexec/kdesud is packaged with setuid/setgid bits (02755)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sun, 6 Apr 2014 21:43:53 +0000
  • Message-id: <bug-872276-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=872276

https://bugzilla.novell.com/show_bug.cgi?id=872276#c0


Summary: libKF5Su5.x86_64: E: permissions-file-setuid-bit
(Badness: 10000) /usr/lib64/kde5/libexec/kdesud is
packaged with setuid/setgid bits (02755)
Classification: openSUSE
Product: openSUSE Factory
Version: 13.2 Milestone 0
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: hrvoje.senjan@xxxxxxxxx
QAContact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/33.0.1750.152 Safari/537.36 SUSE/33.0.1750.152

Sebastian, we have another one ;-)
(kde4 code is in kdebase4-runtime), kf5 code just got merged into kdesu
framework for beta1 (4.98.0)

from help:
"KDE su uses a daemon, called kdesud. The daemon listens to a UNIX® socket in
/tmp for commands. The mode of the socket is 0600 so that only your user id can
connect to it. If password keeping is enabled, KDE su executes commands through
this daemon. It writes the command and root's password to the socket and the
daemon executes the command using su, as described before. After this, the
command and the password are not thrown away. Instead, they are kept for a
specified amount of time. This is the timeout value from in the control module.
If another request for the same command is coming within this time period, the
client does not have to supply the password. To keep hackers who broke into
your account from stealing passwords from the daemon (for example, by attaching
a debugger), the daemon is installed set-group-id nogroup. "

Reproducible: Always

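The report above turns on two file modes: the 02755 on kdesud that the package check flagged, and the 0600 the help text expects on the daemon's socket. The following is an added example, not code from rpmlint, KDE or the bug report, that audits a directory tree for both conditions; the function names `mode_findings` and `audit_tree` are hypothetical.

```python
import os
import stat

def mode_findings(st_mode):
    """Return findings for one st_mode value (type bits plus permission bits)."""
    findings = []
    perms = stat.S_IMODE(st_mode)  # permission bits incl. setuid/setgid/sticky
    if stat.S_ISREG(st_mode):
        # Only executables gain privilege from these bits; setgid without
        # group-execute is not a privilege grant (historically a
        # mandatory-locking marker), so it is not reported.
        if perms & stat.S_ISUID and perms & 0o111:
            findings.append("setuid executable (%05o)" % perms)
        if perms & stat.S_ISGID and perms & stat.S_IXGRP:
            findings.append("setgid executable (%05o)" % perms)
    elif stat.S_ISSOCK(st_mode):
        # The help text expects 0600: any group/other bit lets other
        # accounts connect to the daemon's socket.
        if perms & 0o077:
            findings.append("socket reachable by group/other (%05o)" % perms)
    return findings

def audit_tree(root):
    """Walk root without following symlinks; yield (path, finding) pairs."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:  # os.walk lists sockets among the non-directories
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable
            for finding in mode_findings(st.st_mode):
                yield path, finding

if __name__ == "__main__":
    import sys
    for path, finding in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path + ": " + finding)
```

Run it against an unpacked package root or a directory holding runtime sockets; each output line names the path and the mode that triggered the finding.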