Bug 1171882

Summary: mgetty: probably long dead directory /var/spool/fax/outgoing/locks in permissions profiles
Product: [openSUSE] openSUSE Tumbleweed Reporter: Matthias Gerstner <matthias.gerstner>
Component: SecurityAssignee: Stanislav Brabec <sbrabec>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: dmueller, security-team
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1172227    

Description Matthias Gerstner 2020-05-19 12:33:43 UTC 
The security team is currently sanity checking the profiles in the
Base:System/permissions package. In this context we've come across the
following entries related to the mgetty package:

permissions.paranoid:	/var/spool/fax/outgoing/locks	fax:trusted       0755
permissions.easy:	/var/spool/fax/outgoing/locks	fax:root          0755
permissions.secure:	/var/spool/fax/outgoing/locks	fax:root          0755

This directory doesn't seem to be part of mgetty (sendfax) for a long time any
more. Upstream commit bac8e5efeeb19ef5bef44ff1d76b73816218936b seems to have
removed this in the year 2002 (upstream git repository is at
git://github.greenie.net/mgetty/).

If you can confirm this I'd like to remove the entries listed above from all
permissions profiles.
Comment 1 Matthias Gerstner 2020-10-08 11:56:00 UTC 
Since nobody protested for a long time I'm going to remove these entries.
Comment 2 Matthias Gerstner 2020-10-26 14:10:08 UTC 
Removal of entries is through. Closing as FIXED.
Comment 3 OBSbugzilla Bot 2021-11-17 15:42:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1171882) was mentioned in
https://build.opensuse.org/request/show/931965 15.3 / permissions
Comment 4 Swamp Workflow Management 2021-12-02 20:20:28 UTC 
openSUSE-SU-2021:1520-1: An update that solves three vulnerabilities and has 27 fixes is now available.

Category: security (moderate)
Bug References: 1028975,1029961,1093414,1133678,1148788,1150345,1150366,1151190,1157498,1160285,1160764,1161335,1161779,1163588,1167163,1169614,1171164,1171173,1171569,1171580,1171686,1171879,1171882,1173221,1174504,1175720,1175867,1178475,1178476,1183669
CVE References: CVE-2019-3687,CVE-2019-3688,CVE-2020-8013
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    permissions-20200127-lp153.24.3.1