Bug 707723

Summary: AUDIT-0: kdepim4 kalarmrtcwake
Product: [openSUSE] openSUSE 12.1 Reporter: Ismail Dönmez <ismail>
Component: KDE4 ApplicationsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Factory   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: rtcwakeaction.cpp

Description Ismail Dönmez 2011-07-22 15:21:48 UTC 
Hi;

The new kdepim4 package installs a new dbus service to be used by kalarm:

kalarm.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /etc/dbus-1/system.d/org.kde.kalarmrtcwake.conf
kalarm.x86_64: E: suse-dbus-unauthorized-service (Badness: 10000) /usr/share/dbus-1/system-services/org.kde.kalarmrtcwake.service


We want to include it in Factory as part of KDE SC 4.7 release.

The source is available for inspection under https://build.opensuse.org/package/files?package=kdepim4&project=KDE%3ADistro%3AFactory

Thanks!
Comment 1 Ludwig Nussel 2011-07-25 08:37:31 UTC 
Does this work with the upcoming new kernel clocks?
https://lwn.net/Articles/429925/

Also, what privileges are required for the service? I'm missing a request for policykit permissions :-)
Comment 2 Ismail Dönmez 2011-07-25 08:49:04 UTC 
Created attachment 441984 [details]
rtcwakeaction.cpp
Comment 3 Ismail Dönmez 2011-07-25 08:54:08 UTC 
I attached rtcwakeaction.cpp which is the implementation for this service, as far as I can see it just runs /usr/sbin/rtcwake.
Comment 4 Ismail Dönmez 2011-08-03 11:10:38 UTC 
Do you need any extra information about this?
Comment 6 Ludwig Nussel 2011-08-05 12:08:05 UTC 
The code is ugly¹ but only accepts an int a argument so should be safe if the kde framework surrounding it is safe

[1] FILE* wh = popen("whereis -b rtcwake", "r")
Comment 7 Ludwig Nussel 2011-08-05 12:17:38 UTC 
whitelisted