Mailinglist Archive: opensuse-factory (1165 mails)

< Previous Next >
Re: [opensuse-factory] openSUSE 10.2 bug prioritization
  • From: Christian Boltz <opensuse@xxxxxxxxx>
  • Date: Tue, 7 Nov 2006 00:01:15 +0100
  • Message-id: <200611070001.18110@xxxxxxxxxxxxxxx>
Hello,

first:
two other candidate to fix for 10.2 I missed yesterday - both have the
fix already included:

https://bugzilla.novell.com/show_bug.cgi?id=190084
apparmor.vim missing
The apparmor syntax highlighting file for vim is missing (was removed in
10.1 because it was terribly outdated). I have updated and fixed it.
(well, vim syntax profiles can cause real headache...)

The working file is attached to the bugreport. It simply needs to be
added to the vim package.
(Not sure if the assignee is the correct one.)


https://bugzilla.novell.com/show_bug.cgi?id=188068
pin -v 100 foo tries to "su 100" ("su $2")
The description says it all, and the fix is available. (Martin?)


second:

Am Montag, 6. November 2006 10:36 schrieb Marcus Meissner:
> On Mon, Nov 06, 2006 at 10:31:04AM +0100, Christoph Thiel wrote:
> > On Sun, Nov 05, 2006 at 08:32:57PM +0100, Christian Boltz wrote:
> > > https://bugzilla.novell.com/show_bug.cgi?id=216485
> > > zypp-checkpatches-wrapper does not get the suid-root bit if
> > > running with permissions.secure. This makes opensuse-updater
> > > unuseable.
[...]
> You likely do not want users to be able to run system administrator
> tasks in "secure" mode at all, without root password protection.

Hmm, zen-updater runs with permissions.secure in 10.1 [1] - and even
grants _permanent_ permissions once one has entered the root password.

Since I didn't install any updates with opensuse-updater yet: how does
it handle installing updates? Does it ask for the root password every
time when installing packages (as susewatcher did)?
(If yes, I would consider it more secure than zen-updater.)

> It should probably not start opensuse-updater then.

Not starting the updater at all isn't a solution also because not
installing updates will make the system insecure over time.
(Yes, I know that there's a difference bitween "installing updates" and
"being notified about updates" - but it's easy to "forget" to run the
update when nothing notifies you...)

To sum it up:
- being notified about updates should be available independend of the
permissions.* level (I don't see that this could cause any harm
because a user could also check the RPM database for outdated
packages ;-)
- missing notification could cause security problems (if nobody installs
the fixed packages)
- installing updates should require the root password (maybe
permissions.easy could be an exception)

If you really don't change your decision here, I foretell that this will
become a FAQ for 10.2 ;-)


Regards,

Christian Boltz

PS @ Christoph: regarding bug 171082: sorry, I only speak german,
english, pfälzisch, bash, php, perl, (my)sql and HTML - but not
ycp :-(

[1] dunno for 10.2 - I uninstalled it ;)

--
Wenn Du Dich weiter doof stellst, dann:
Warning: loading builtin philipp-cool-down.dll. Couldn't be loaded!
Expect trouble!!! [Philipp Zacharias in suse-linux]
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups