From 8480e39802a6c29a0c64ef1338ef0316c85d68e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Mon, 1 Nov 2010 23:20:23 +0200 Subject: [PATCH] Whitelist more expectedly setuid executables; fixes #646455. --- rpmlint.config | 11 +++++++++-- rpmlint.spec | 3 +++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/rpmlint.config b/rpmlint.config index f9fe242..e772cd9 100644 --- a/rpmlint.config +++ b/rpmlint.config @@ -337,6 +337,13 @@ addFilter("filename-too-long-for-joliet") addFilter("symlink-should-be-") addFilter("dangling-\S*symlink /usr/share/doc/HTML/\S+/common .+/common$") addFilter("hidden-file-or-dir .*/man5/\.k5login\.5[^/]+$") -# TODO: more whitelisted executables, https://bugzilla.redhat.com/496737 -addFilter("krb5-workstation.+ (setuid-binary|non-standard-executable-perm) /usr/kerberos/bin/ksu (root )?04755") addFilter("blender.+ (wrong-script-interpreter|non-executable-script) .+/blender/.+\.py.*BPY.*") +# https://bugzilla.redhat.com/496737, https://bugzilla.redhat.com/646455 +for pkg, exe in (("coreutils", "/bin/su"), + ("krb5-workstation", "/usr/kerberos/bin/ksu"), + ("passwd", "/usr/bin/passwd"), + ("sudo", "/usr/bin/sudo(edit)?"), + ("upstart", "/sbin/initctl"), + ("usermode", "/usr/sbin/userhelper")): + addFilter("%s.* (setuid-binary|non-standard-executable-perm) %s (root )?04" + % (pkg, exe)) diff --git a/rpmlint.spec b/rpmlint.spec index 43411a2..265226c 100644 --- a/rpmlint.spec +++ b/rpmlint.spec @@ -78,6 +78,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Nov 1 2010 Ville Skyttä +- Whitelist more expectedly setuid executables; fixes #646455. + * Thu Aug 19 2010 Ville Skyttä - 0.99-1 - Update to 0.99; fixes #623607, helps work around #537430. - Sync Fedora license list with Wiki revision 1.80.