Mailinglist Archive: opensuse-bugs (4297 mails)

< Previous Next >
[Bug 1041511] AUDIT-0: smb4k (suse-dbus-unauthorized-service, polkit-unauthorized-privilege)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 30 May 2017 12:40:03 +0000
  • Message-id: <bug-1041511-21960-dXyE43RxSd@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1041511
http://bugzilla.opensuse.org/show_bug.cgi?id=1041511#c2

--- Comment #2 from Wolfgang Bauer <wbauer@xxxxxx> ---
(In reply to Sebastian Krahmer from comment #1)
Due to CVE-2017-8422 and CVE-2017-8849 it was decided to remove
smb4k from Factory. Operating with root privileges (such as
smb4k helper is doing) in user owned directories can never be secure.
Thats why it wont be approved.

Well, it has been suggested in bug#1033300 that we can add the available fixes
and request a new security review.

Fixes for both CVEs have been added, to kauth and smb4k respectively.

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
References