http://bugzilla.opensuse.org/show_bug.cgi?id=1048025 Bug ID: 1048025 Summary: Requesting a security review for realmd for inclusion in openSUSE Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: plinnell@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- realmd which is https://build.opensuse.org/package/show/network/realmd needs a review of the polkit privilege.
From rpmlint on current TW:
realmd.i586: E: polkit-unauthorized-privilege (Badness: 100) org.freedesktop.realmd.discover-realm (yes:yes:yes) The package allows unprivileged users to carry out privileged operations without authentication. This could cause security problems if not done carefully. If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the security team For the moment, I have put in an rpmlintrc file to drop the badness score to 100. -- You are receiving this mail because: You are on the CC list for the bug.