Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Re: [suse-security] KDE wrong file permissions (was: SUSE Security Announcement: sane (SuSE-SA:2003:046))
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Tue, 18 Nov 2003 21:52:30 +0100 (CET)
  • Message-id: <Pine.LNX.4.44.0311182146310.6597-100000@xxxxxxxxxxxxx>
On Tue, 18 Nov 2003, Reiner Steib wrote:

> On Tue, Nov 18 2003, Thomas Biege wrote:
>
> > - KDE wrong file permissions
> > Due to a missing synchronisation during SuSE Linux 8.2 beta-testing
> > phase some configuration files of KDE on SuSE Linux 8.2 are world-
> > writeable. Please check the files in /etc/opt/kde3/share/config
> > and add an appropritae line to /etc/permissions.local, like:
> > /etc/opt/kde3/share/config/kmailrc root.root 0644
> > /etc/opt/kde3/share/config/kioslaverc root.root 0644
> > /etc/opt/kde3/share/config/kdeglobals root.root 0644
> > Set the new permission with 'chkstat -set /etc/permissions.local'
> > as root.
>
> Each time you run `/sbin/conf.d/SuSEconfig.kde', you get the wrong
> permissions back until you (or cron daemon) runs `chkstat' again.

By running SuSEconfig the permission script is run after the kde script,
so everything is fine.

But you are right, changing the kde script is the better way, but not
one that is most straight forward for most users.

Fortunately this bug isnt too critical for a real-life system.

Bye,
Thomas
--
Thomas Biege <thomas@xxxxxxx>, SUSE LINUX AG, Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka"
Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83
--
... stay with me, save and ignorant, go back to sleep...
- Maynard James Keenan


< Previous Next >
References