Overview

Request 1086054 accepted

No description set

Created by ecsos about 1 year ago
In state accepted

Submit icingaweb2

Comments for request 1086054 4

Dominique Leuenberger (dimstar) - about 1 year ago

reviewer

devel project build still has:

icingaweb2-common.noarch: E: permissions-directory-setuid-bit (Badness: 10) /etc/icingaweb2/enabledModules is packaged with setuid/setgid bits (02770)
If the package is intended for inclusion in any SUSE product please open a bug
report to request review of the package by the security team. Please refer to
https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
more information.

Eric Schirra (ecsos) - about 1 year ago

author source maintainer

Yes. And this is right. It was missing before. Upstream use this in all his packages and all modules. When you enable it must has this group permission.

It is in upstream spec from icingaweb2: install -dm 2770 %_topdir/BUILDROOT/icingaweb2-2.11.4-2.x86_64/etc/icingaweb2 %_topdir/BUILDROOT/icingaweb2-2.11.4-2.x86_64/etc/icingaweb2/{enabledModules,modules}

And in modules icingadirector: post php

Only on install

if [ $1 == 1 ]; then if [ ! -d %{_sysconfdir}/icingaweb2/enabledModules ]; then install -dm 2770 -g icingaweb2 %{_sysconfdir}/icingaweb2/enabledModules fi

Whenever the modul is disable and enable through the webgui it should become grouprights icingaweb2.

Dominique Leuenberger (dimstar) - about 1 year ago

reviewer

so, do as the error message indicates:

If the package is intended for inclusion in any SUSE product please open a bug report to request review of the package by the security team. Please refer to https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for

Eric Schirra (ecsos) - about 1 year ago

author source maintainer

Okay. Have done. Thank you.