Bug 749065

Summary: AUDIT-0: polkit privilege audit: smb4k
Product: [openSUSE] openSUSE 12.2
Reporter: Dirk Mueller <dmueller>
Component: KDE4 Applications
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: cookie170, forgotten_c-AT0h9V-M, kde-maintainers, krahmer, meissner
Version: Factory
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Dirk Mueller 2012-02-27 09:03:53 UTC
Hi,

smb4k.x86_64: W: suse-dbus-unauthorized-service /etc/dbus-1/system.d/de.berlios.smb4k.mounthelper.conf
smb4k.x86_64: W: suse-dbus-unauthorized-service /usr/share/dbus-1/system-services/de.berlios.smb4k.mounthelper.service
The package installs a DBUS system service file. If the package is intended
for inclusion in any SUSE product please open a bug report to request review
of the service by the security team.

smb4k.x86_64: W: polkit-unauthorized-privilege de.berlios.smb4k.mounthelper.mount (??:no:yes)
smb4k.x86_64: W: polkit-unauthorized-privilege de.berlios.smb4k.mounthelper.unmount (??:no:yes)

sources are here:
https://api.opensuse.org/source/KDE:Distro:Factory/smb4k
Comment 1 Ludwig Nussel 2012-02-29 13:54:51 UTC
I've added the privileges with auth_admin until the audit is completed.
Comment 2 Bernhard Wiedemann 2012-02-29 14:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (749065) was mentioned in
https://build.opensuse.org/request/show/107556 Factory / rpmlint
https://build.opensuse.org/request/show/107558 Factory / polkit-default-privs
Comment 3 Sebastian Krahmer 2012-03-07 10:06:43 UTC
I checked out smb4k from openSUSE:Factory and will have a look.
Comment 7 Wolfgang Bauer 2015-04-14 13:18:43 UTC
*** Bug 927106 has been marked as a duplicate of this bug. ***
Comment 8 Sebastian Krahmer 2017-05-15 07:50:43 UTC
smb4k root helper will be disabled (is only on openSUSE anyway).
Decision was made because of CVE-2017-8422 and CVE-2017-8849
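
The `(??:no:yes)` triples in the rpmlint warnings and the `auth_admin` setting from Comment 1 can be related with a small audit script. This is an added example, not part of the bug report and not rpmlint's own code; it assumes the triple order is allow_any:allow_inactive:allow_active, and the policy XML and the `reviewed` whitelist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a .policy file whose defaults match the (??:no:yes)
# triples in the rpmlint warnings. This is not the real smb4k policy file.
SAMPLE_POLICY = """<policyconfig>
  <action id="de.berlios.smb4k.mounthelper.mount">
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="de.berlios.smb4k.mounthelper.unmount">
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>"""

FIELDS = ("allow_any", "allow_inactive", "allow_active")
# polkit results that grant the action without proving admin rights.
WEAK = {"yes", "auth_self", "auth_self_keep"}

def audit_policy(policy_xml, reviewed):
    """Return (action_id, shipped_triple, verdict) for every action.

    reviewed is a hypothetical whitelist mapping action ids to the triple
    a reviewer approved, in the same any:inactive:active order.
    """
    findings = []
    for action in ET.fromstring(policy_xml).iter("action"):
        defaults = action.find("defaults")
        values = []
        for field in FIELDS:
            node = defaults.find(field) if defaults is not None else None
            # A missing element is reported as "??", as in the warnings.
            values.append(node.text.strip() if node is not None and node.text else "??")
        triple = ":".join(values)
        action_id = action.get("id")
        if action_id not in reviewed:
            verdict = "unreviewed-weak" if WEAK & set(values) else "unreviewed"
        elif reviewed[action_id] != triple:
            verdict = "override:" + reviewed[action_id]
        else:
            verdict = "ok"
        findings.append((action_id, triple, verdict))
    return findings

if __name__ == "__main__":
    for row in audit_policy(SAMPLE_POLICY, {}):
        print(*row)
```
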