Bug 825256

Summary: AUDIT-0: kdebase4-workspace: powerdevil: polkit-cant-acquire-privilege org.kde.powerdevil.backlighthelper.syspath (??:yes:yes)
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Forgotten User sM9JzehKpy <forgotten_sM9JzehKpy>
Component: Security
Assignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Major
Priority: P1 - Urgent
CC: abergmann, forgotten_DV81ZEWZkN, meissner
Version: 13.1 Milestone 1
Target Milestone: ---
Hardware: All
OS: SUSE Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Forgotten User sM9JzehKpy 2013-06-17 06:22:08 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0

With KDE 4.11 a new backlighthelper was introduced within the PowerDevil application. On some laptops it would now be possible to regulate the backlight of the laptop screen. 

However, this new helper also caused an issue with the current polkit-default-privs, as it is not listed. In the KDE:Distro:Factory repo we have resolved it temporarily by setting the error to an information in an rpmlintrc, but as indicated this needs to be pushed to Factory soon.

The warning is:

[ 1579s] kdebase4-workspace.x86_64: I: polkit-cant-acquire-privilege org.kde.powerdevil.backlighthelper.syspath (??:yes:yes)
[ 1579s] Usability can be improved by allowing users to acquire privileges via
[ 1579s] authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define
[ 1579s] 'allow_any'. This is an issue only if the privilege is not listed in /etc
[ 1579s] /polkit-default-privs.*

The package itself can be found in KDE:Distro:Factory. 

As this is blocking the submission to Factory, it has some urgency. Therefore I set it as a critical bug.

Reproducible: Always

Comment 1 Sebastian Krahmer 2013-06-17 07:17:13 UTC
adjusting severity
Comment 2 Forgotten User sM9JzehKpy 2013-07-01 07:54:00 UTC
Any update on this bug request? As indicated we have Beta 2 now in KDF, but are still not able to submit it to Factory.

Also increased the priority, as this bug request is equal to https://bugzilla.novell.com/show_bug.cgi?id=825262
Comment 3 Marcus Meissner 2013-07-01 08:32:50 UTC
actually bump prio, not severity
Comment 4 Marcus Meissner 2013-07-01 13:05:26 UTC
It always takes some time ... sorry. We try to prioritize it up.

fwiw, you also are backlogged with Chromium Security updates, Raymond ;)
Comment 5 Thomas Biege 2013-07-04 07:21:32 UTC
(In reply to comment #2)
> Any update on this bug request? As indicated we have Beta 2 now in KDF, but
> are still not able to submit it to Factory.
>
> Also increased the priority, as this bug request is equal to
> https://bugzilla.novell.com/show_bug.cgi?id=825262

Please go ahead, we will come back to you after the review is done and we have some trouble.
Comment 6 Marcus Meissner 2013-07-04 07:38:02 UTC
(temporarily whitelisted in polkit-default-privs ...)
Comment 7 Bernhard Wiedemann 2013-07-04 08:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (825256) was mentioned in
https://build.opensuse.org/request/show/182136 Factory / polkit-default-privs
Comment 8 Alexander Bergmann 2013-07-05 14:01:58 UTC
The new action ID 'org.kde.powerdevil.backlighthelper.syspath' is simply just a read operation on the 'm_dirname' variable inside 'backlighthelper.cpp'. The variable 'm_dirname' holds the found device path in '/sys/class/backlight/' that can be read by an unprivileged user anyway. 

Therefore the temporary changes made to polkit-default-privs (comment 6) are okay from the security point of view and can be made permanent.
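
An added example, not part of this bug report and not rpmlint's or the polkit-default-privs project's code: a small audit helper that lists the polkit actions a package ships, renders each action's implicit defaults as the triple shown in the rpmlint message above, and reports actions that are missing from a whitelist or differ from it. Assumptions: the triple order is allow_any:allow_inactive:allow_active with '??' for an undefined value, the whitelist uses one 'action any:inactive:active' entry per line, and both sample inputs (including the org.example action) are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: first action mirrors the "(??:yes:yes)" triple from the
# rpmlint output (allow_any undefined); second action is hypothetical.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.kde.powerdevil.backlighthelper.syspath">
    <defaults><allow_inactive>yes</allow_inactive>
              <allow_active>yes</allow_active></defaults>
  </action>
  <action id="org.example.helper.write">
    <defaults><allow_any>no</allow_any><allow_inactive>no</allow_inactive>
              <allow_active>auth_admin</allow_active></defaults>
  </action>
</policyconfig>"""
# Constructed whitelist; "action any:inactive:active" per line is assumed.
SAMPLE_PRIVS = """# hypothetical entry
org.example.helper.write auth_admin:auth_admin:auth_admin
"""
KEYS = ("allow_any", "allow_inactive", "allow_active")

def policy_triples(xml_text):
    """Map action id -> any:inactive:active defaults, '??' where undefined."""
    out = {}
    for action in ET.fromstring(xml_text).iter("action"):
        vals = [(action.findtext("defaults/" + k) or "").strip() or "??" for k in KEYS]
        out[action.get("id")] = ":".join(vals)
    return out

def parse_privs(text):
    """Parse whitelist lines, ignoring blanks and '#' comments."""
    privs = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            privs[fields[0]] = fields[1]
    return privs

def audit(xml_text, privs_text):
    """Return (action, package_triple, finding) for every action needing review."""
    privs, report = parse_privs(privs_text), []
    for action, triple in sorted(policy_triples(xml_text).items()):
        if action not in privs:
            report.append((action, triple, "unlisted"))
        elif privs[action] != triple:
            report.append((action, triple, "whitelist=" + privs[action]))
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE_POLICY, SAMPLE_PRIVS), sep="\n")
```

An 'unlisted' finding is the situation this bug describes: the action needs a security review before an entry is added to the whitelist.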
Comment 9 Bernhard Wiedemann 2013-07-10 16:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (825256) was mentioned in
https://build.opensuse.org/request/show/182736 Factory / polkit-default-privs
Comment 10 Alexander Bergmann 2013-07-11 07:13:19 UTC
Okay, with the last commit (comment 9) to polkit-default-privs all needed powerdevil privs are checked in permanently and available in Factory.

Closing this AUDIT-0 bug.
Comment 11 Bernhard Wiedemann 2013-08-16 01:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (825256) was mentioned in
https://build.opensuse.org/request/show/195391 Factory / kdebase4-workspace