FS#46861 - [polkit] incorrect configuration directory permissions
Attached to Project:
Arch Linux
Opened by Steven (Stebalien) - Saturday, 24 October 2015, 16:15 GMT
Last edited by Jan Alexander Steffens (heftig) - Sunday, 25 October 2015, 18:23 GMT
Opened by Steven (Stebalien) - Saturday, 24 October 2015, 16:15 GMT
Last edited by Jan Alexander Steffens (heftig) - Sunday, 25 October 2015, 18:23 GMT
|
Details
1. /etc/polkit-1/rules.d should be readable by the polkitd
group but not owned by the polkitd user (the daemon should
not be able to write its own config).
2. /usr/share/polkit-1/rules.d should be readable by everyone (these files aren't exactly secret) but again, not writeable by polkitd. The correct PKGBUILD permissions commands are: # Local config is secret chown -R 0:102 "$pkgdir/etc/polkit-1/rules.d" chmod -R u=rwX,g=rX,o=- "$pkgdir/etc/polkit-1/rules.d" # Default configs aren't secret chown -R 0:0 "$pkgdir/usr/share/polkit-1/rules.d" chmod -R u=rwX,go=rX "$pkgdir/usr/share/polkit-1/rules.d" |
This task depends upon
Closed by Jan Alexander Steffens (heftig)
Sunday, 25 October 2015, 18:23 GMT
Reason for closing: Fixed
Additional comments about closing: 0.113-3
Sunday, 25 October 2015, 18:23 GMT
Reason for closing: Fixed
Additional comments about closing: 0.113-3
Comment by
Jan Alexander Steffens (heftig) -
Sunday, 25 October 2015, 15:11 GMT
Comment by Steven (Stebalien) -
Sunday, 25 October 2015, 18:18 GMT
I'm not so sure the package-supplied rules should be
world-readable. Think of administrator-created packages, which
aren't public.
That's reasonable. They are readable in Debian/Ubuntu but I can't
think of any good reason they'd need to be. My main concern is
that they shouldn't be writable by polkitd.