Mailinglist Archive: opensuse-bugs (6588 mails)

[Bug 1143147] New: AUDIT-0: calamares: polkit-untracked-privilege
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sun, 28 Jul 2019 19:03:25 +0000
  • Message-id: <bug-1143147-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1143147


Bug ID: 1143147
Summary: AUDIT-0: calamares: polkit-untracked-privilege
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: opensuse.lietuviu.kalba@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Created attachment 811861
--> http://bugzilla.opensuse.org/attachment.cgi?id=811861&action=edit
full build log

For my package found in OBS in home:embar-:Lietukas/calamares I would like a
whitelisting for the following rpmlint error:

[ 408s] calamares.x86_64: I: polkit-cant-acquire-privilege com.github.calamares.calamares.pkexec.run (no:no:auth_admin)
[ 408s] Usability can be improved by allowing users to acquire privileges via
[ 408s] authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define
[ 408s] 'allow_any'. This is an issue only if the privilege is not listed in
[ 408s] /etc/polkit-default-privs.*
[ 408s]

<...>

[ 408s] calamares.x86_64: E: polkit-untracked-privilege (Badness: 10000) com.github.calamares.calamares.pkexec.run (no:no:auth_admin)
[ 408s] The privilege is not listed in /etc/polkit-default-privs.* which makes it
[ 408s] harder for admins to find. Furthermore polkit authorization checks can easily
[ 408s] introduce security issues. If the package is intended for inclusion in any
[ 408s] SUSE product please open a bug report to request review of the package by the
[ 408s] security team. Please refer to
[ 408s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
[ 408s] more information.


I would like to submit it later into Education/calamares and main openSUSE
Factory/Tumbleweed repository. Please help with this package.
