Mailinglist Archive: opensuse-bugs (2150 mails)

[Bug 872276] AUDIT-0: libKF5Su5.x86_64: E: permissions-file-setuid-bit (Badness: 10000) /usr/lib64/kde5/libexec/kdesud is packaged with setuid/setgid bits (02755)

https://bugzilla.novell.com/show_bug.cgi?id=872276

https://bugzilla.novell.com/show_bug.cgi?id=872276#c1


Sebastian Krahmer <krahmer@xxxxxxxx> changed:

What         |Removed |Added
----------------------------------------------------------------------------
Status       |NEW     |NEEDINFO
CC           |        |security-team@xxxxxxx
InfoProvider |        |hrvoje.senjan@xxxxxxxxx

--- Comment #1 from Sebastian Krahmer <krahmer@xxxxxxxx> 2014-04-15 09:29:00 UTC ---
Should not be much of a problem, as it's only g+s nogroup:

chgrp nogroup '\${KDESUD_PATH}' && chmod g+s '\${KDESUD_PATH}'\"

The peer-id check of the socket still seems to be there when
pwd caching is used. Also see here:

https://www.suse.com/support/security/advisories/2001_002_kdesu_txt.html

However it needs to be enabled during build, e.g. there must be
a string of

"socket not owned by me! socket uid ="

inside the binary. Then everything should be fine.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
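
The check described in the comment above (setgid bit, group, and the marker string inside the binary) can be scripted as follows. This is an added example, not part of the original mail or of the kdesu sources; the function names and the optional expected-group argument are assumptions, and a string match only shows that the check was compiled in, which is the criterion the comment gives.

```shell
#!/bin/sh
# Added example: audit a setgid kdesud binary for the compiled-in peer-id check.
# MARKER is the string quoted in the comment; everything else is hypothetical.
MARKER='socket not owned by me! socket uid ='

# True if the binary contains the marker string (-a: treat binary data as text).
has_peer_check() {
    LC_ALL=C grep -a -q -F -- "$MARKER" "$1"
}

# Name of the group owning the file, taken from field 4 of `ls -ld`.
file_group() {
    ls -ld -- "$1" | awk '{print $4}'
}

# audit_kdesud FILE [EXPECTED_GROUP]   (EXPECTED_GROUP defaults to nogroup)
# Returns: 0 ok, 1 setgid without peer-id check, 2 file missing, 3 other group.
audit_kdesud() {
    f=$1
    want=${2:-nogroup}
    if [ ! -f "$f" ]; then
        echo "$f: not found"; return 2
    fi
    if [ ! -g "$f" ]; then
        echo "$f: no setgid bit, nothing to audit"; return 0
    fi
    if ! has_peer_check "$f"; then
        echo "$f: setgid but peer-id check string missing"; return 1
    fi
    grp=$(file_group "$f")
    if [ "$grp" != "$want" ]; then
        echo "$f: setgid to '$grp', expected '$want'"; return 3
    fi
    echo "$f: setgid $grp, peer-id check string present"; return 0
}

# Stand-alone use: sh audit.sh /usr/lib64/kde5/libexec/kdesud
if [ "$#" -gt 0 ]; then
    audit_kdesud "$@"
fi
```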
