Mailinglist Archive: opensuse-bugs (6588 mails)

< Previous Next >
[Bug 1143216] New: AUDIT-0: mousepad: New PolKit rules added
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 29 Jul 2019 10:09:09 +0000
  • Message-id: <bug-1143216-21960@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1143216


Bug ID: 1143216
Summary: AUDIT-0: mousepad: New PolKit rules added
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: tux93@xxxxxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Created attachment 811924
--> http://bugzilla.suse.com/attachment.cgi?id=811924&action=edit
Full build log

mousepad update 0.4.2 has added polkit rules

[ 84s] RPMLINT report:
[ 84s] ===============
[ 85s] mousepad.x86_64: I: polkit-cant-acquire-privilege org.xfce.mousepad
(no:auth_admin:auth_admin)
[ 85s] Usability can be improved by allowing users to acquire privileges via
[ 85s] authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to
define
[ 85s] 'allow_any'. This is an issue only if the privilege is not listed in
[ 85s] /etc/polkit-default-privs.*
[ 85s]
[ 85s] mousepad.x86_64: W: package-with-huge-docs 55%
[ 85s] More than half the size of your package is documentation. Consider
splitting
[ 85s] it into a -doc subpackage.
[ 85s]
[ 85s] mousepad.x86_64: E: polkit-untracked-privilege (Badness: 10000)
org.xfce.mousepad (no:auth_admin:auth_admin)
[ 85s] The privilege is not listed in /etc/polkit-default-privs.* which makes
it
[ 85s] harder for admins to find. Furthermore polkit authorization checks can
easily
[ 85s] introduce security issues. If the package is intended for inclusion in
any
[ 85s] SUSE product please open a bug report to request review of the package
by the
[ 85s] security team. Please refer to
[ 85s]
https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
[ 85s] more information.
[ 85s]
[ 85s] (none): E: badness 10000 exceeds threshold 1000, aborting.
[ 85s] 3 packages and 0 specfiles checked; 1 errors, 1 warnings.

OBS Repo:
https://build.opensuse.org/package/show/home:tux93:branches:X11:xfce/mousepad

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >