On 18:10 Sun 14 Dec     , sda wrote:
On 12:25 Sun 14 Dec     , Gustavo Sverzut Barbieri wrote:
> On Sun, Dec 14, 2008 at 3:48 AM, sda <dmitry.serpok...@gmail.com> wrote:
> > hi guys!
> >
> > here comes a long story, sorry for that. openSUSE will release version
> > 11.1 soon and this release has a new system of 'brp' checks which are a
> > bit similar to 'rpmlint' but could not be disabled. yes, i can override
> > these checks, but this is "illegal". in general, now OBS (OpenSUSE Build
> > Service) has a single quality standard for all packages and for all
> > packagers as well (yep, this is a theory or declared note).
> >
> > i'm trying to keep up Enlightenment repo for openSUSE in a good shape
> > and for an upcoming version 11.1 following issues appeared:
> >
> > E17.i586: E: permissions-file-setuid-bit (Badness: 10000) 
> > /usr/bin/enlightenment_sys is packaged with setuid/setgid bits (04555)
> 
> this is tricky, commands defined in sysactions.conf need to be
> executed as root (shutdown, reboot, hibernate...).
> 
> do you know how opensuse expects those to be done? how do gnome/kde do that?
>
in general - exactly in the same manner. the matter here is that
openSUSE is the only distro (IMHO) where each officially distributed
package has its Novell/SUSE maintainer/engineer to provide 7/24
services and Security Team keeps an eye on that to publish their security
patches/updates for all SUSE-Linux distributions.

i'm expecting that this binary will be included into the "whitelist" for 
brp checks after a review. another variant - to allow all packagers
simply override such checks without some "extra" efforts similar to the 
voodoo rpm magic (that's what we've got now for 11.1).
> 
> > E17.i586: E: permissions-file-setuid-bit (Badness: 10000) 
> > /usr/lib/enlightenment/modules/cpufreq/linux-gnu-i686/freqset is
> > packaged with setuid/setgid bits (04555) Please remove the setuid/setgid 
> > bits or contact secur...@suse.de for review.
> 
> i know we can just set frequency using some system utilities like
> those dbus daemons some systems have. Then we can just remove this
> suid and rely on policykit or similar for authorization.
> 
default SUSE security policies are very strict because openSUSE is a
base for a corporate SLED/SLES and i can't say that editing of this
xml-based configs is pleasant. 

i'm waiting for the response from our Sec Team. hope that all mentioned 
files will keep the required SUID and situation will be clarified
without a single penalty to Users or Developers.

thank you very much for your response.

regards,
sda
> -- 
> Gustavo Sverzut Barbieri
> http://profusion.mobi embedded systems
> --------------------------------------
> MSN: barbi...@gmail.com
> Skype: gsbarbieri
> Mobile: +55 (19) 9225-2202
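
A sketch of the kind of check behind the `permissions-file-setuid-bit` error quoted in this thread, added here as an example and not taken from rpmlint, the openSUSE brp scripts or any list participant: it walks a package build root and reports setuid/setgid files that are not on a reviewed allow-list. The function names, the allow-list contents and the sample entries are assumptions constructed for illustration.

```python
import os
import stat


def walk_buildroot(buildroot):
    """Yield (path_inside_package, st_mode) for each regular file under buildroot."""
    for dirpath, _dirs, files in os.walk(buildroot):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode):
                yield "/" + os.path.relpath(full, buildroot), st.st_mode


def check_setid(entries, reviewed=frozenset()):
    """Return one finding per setuid/setgid file whose path is not in `reviewed`.

    `reviewed` stands in for an allow-list of binaries that passed a security
    review (hypothetical; the real list is maintained by the distribution).
    """
    findings = []
    for path, mode in entries:
        if mode & (stat.S_ISUID | stat.S_ISGID) and path not in reviewed:
            perms = stat.S_IMODE(mode)  # permission bits incl. setuid/setgid/sticky
            findings.append(
                f"E: permissions-file-setuid-bit {path} is packaged with "
                f"setuid/setgid bits ({perms:05o})"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample: the two paths from the thread plus an ordinary binary.
    sample = [
        ("/usr/bin/enlightenment_sys", stat.S_IFREG | 0o4555),
        ("/usr/lib/enlightenment/modules/cpufreq/linux-gnu-i686/freqset",
         stat.S_IFREG | 0o4555),
        ("/usr/bin/enlightenment", stat.S_IFREG | 0o755),
    ]
    # Assume (hypothetically) that only enlightenment_sys has been reviewed.
    for line in check_setid(sample, reviewed={"/usr/bin/enlightenment_sys"}):
        print(line)
    # To audit a real build root: check_setid(walk_buildroot("/path/to/buildroot"))
```
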
