Mailinglist Archive: opensuse-factory (1193 mails)

< Previous Next >
[opensuse-factory] rpmlint-checks: I: polkit-untracked-privilege will become an error
Hello,

the SUSE security team recently decided to turn the rpmlint check
"polkit-untracked-privilege" into an error. Currently this is only an
informational message. If you get messages like these in your package:

gvfs-backends.x86_64: I: polkit-untracked-privilege
org.gtk.vfs.file-operations (no:no:auth_admin_keep)

then they will become an error with 10.000 extra badness in the future,
as is the case with other polkit related errors. This affects all
packages in openSUSE:Factory.

The rationale behind that is that even though these polkit rules seem
harmless (only locally logged in users with admin privileges can acquire
the polkit privilege), they can expose security issues. This is because
the correct enforcement of the polkit policy is depending on the
individual package's polkit adaption.

Therefore such packages must go through a review process with the
security team. You can trigger this process by opening a bug against
security-team@xxxxxxx and adding an AUDIT prefix to the bug summary.
For more about this please refer to this wiki page:

https://en.opensuse.org/openSUSE:Package_security_guidelines

We don't expect many packages to be affected by this. If you have any
questions please reach out to us.

Thank you

Matthias

--
Matthias Gerstner <matthias.gerstner@xxxxxxx>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer
https://www.suse.com/security
Telefon: +49 911 740 53 290
GPG Key ID: 0x14C405C971923553

SUSE Linux GmbH
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)
< Previous Next >