Request 807580: Submit trousers - openSUSE Build Service

You're not reviewing the full diff of request 807580 , but the diff to the superseded request 807299 (Show full diff)

Overview

Request 807580 accepted

- get rid of %pre/%post logic that fixes the old packaging bug. Turns out
%pretrans and %posttrans had their purpose before, because the logic needed
to run before old files owned by the package got deleted. But I'm not
reimplementing this strange logic in Lua ... users that didn't get the fix
yet will have to live with it.

- fix a potential tss user to root privilege escalation when running tcsd
(bsc#1164472). To do this run tcsd as the 'tss' user right away to prevent
badly designed privilege drop and initialization code to run.
- add bsc1164472.patch: additionally harden operation of tcsd when running as
root. No longer follow symlinks in /var/lib/tpm. Drop gid to tss main group.
require /etc/tcsd.conf to be owned by root:tss mode 0640.

- add correct Requires(pre) and change %pretrans and %posttrans into %pre and
%post. %pretrans can't have any dependencies and therefore can only be
%implemented in lua. This currently leads to build errors "/bin/sh: no such
file or directory".

Created by mgerstner almost 4 years ago
In state accepted
Supersedes 807299

Submit trousers

Comments for request 807580 0

Login required, please login in order to comment

Request History

mgerstner created request almost 4 years ago

- get rid of %pre/%post logic that fixes the old packaging bug. Turns out
%pretrans and %posttrans had their purpose before, because the logic needed
to run before old files owned by the package got deleted. But I'm not
reimplementing this strange logic in Lua ... users that didn't get the fix
yet will have to live with it.

- fix a potential tss user to root privilege escalation when running tcsd
(bsc#1164472). To do this run tcsd as the 'tss' user right away to prevent
badly designed privilege drop and initialization code to run.
- add bsc1164472.patch: additionally harden operation of tcsd when running as
root. No longer follow symlinks in /var/lib/tpm. Drop gid to tss main group.
require /etc/tcsd.conf to be owned by root:tss mode 0640.

- add correct Requires(pre) and change %pretrans and %posttrans into %pre and
%post. %pretrans can't have any dependencies and therefore can only be
%implemented in lua. This currently leads to build errors "/bin/sh: no such
file or directory".

factory-auto added opensuse-review-team as a reviewer almost 4 years ago

Please review sources

factory-auto accepted review almost 4 years ago

Check script succeeded

licensedigger accepted review almost 4 years ago

ok

dimstar_suse added as a reviewer almost 4 years ago

Being evaluated by staging project "openSUSE:Factory:Staging:adi:66"

dimstar_suse accepted review almost 4 years ago

Picked "openSUSE:Factory:Staging:adi:66"

jengelh accepted review almost 4 years ago

maxlin_factory accepted review almost 4 years ago

Staging Project openSUSE:Factory:Staging:adi:66 got accepted.

maxlin_factory approved review almost 4 years ago

Staging Project openSUSE:Factory:Staging:adi:66 got accepted.

maxlin_factory accepted request almost 4 years ago

Staging Project openSUSE:Factory:Staging:adi:66 got accepted.

openSUSE Build Service is sponsored by