Whitelist more expectedly setuid executables; fixes #646455.

rpmlint.config

@@ -337,6 +337,13 @@ addFilter("filename-too-long-for-joliet")
 addFilter("symlink-should-be-")
 addFilter("dangling-\S*symlink /usr/share/doc/HTML/\S+/common .+/common$")
 addFilter("hidden-file-or-dir .*/man5/\.k5login\.5[^/]+$")
-# TODO: more whitelisted executables, https://bugzilla.redhat.com/496737
-addFilter("krb5-workstation.+ (setuid-binary|non-standard-executable-perm) /usr/kerberos/bin/ksu (root )?04755")
 addFilter("blender.+ (wrong-script-interpreter|non-executable-script) .+/blender/.+\.py.*BPY.*")
+# https://bugzilla.redhat.com/496737, https://bugzilla.redhat.com/646455
+for pkg, exe in (("coreutils", "/bin/su"),
+                 ("krb5-workstation", "/usr/kerberos/bin/ksu"),
+                 ("passwd", "/usr/bin/passwd"),
+                 ("sudo", "/usr/bin/sudo(edit)?"),
+                 ("upstart", "/sbin/initctl"),
+                 ("usermode", "/usr/sbin/userhelper")):
+    addFilter("%s.* (setuid-binary|non-standard-executable-perm) %s (root )?04"
+              % (pkg, exe))

rpmlint.spec

@@ -78,6 +78,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Mon Nov  1 2010 Ville Skyttä <ville.skytta@iki.fi>
+- Whitelist more expectedly setuid executables; fixes #646455.
+
 * Thu Aug 19 2010 Ville Skyttä <ville.skytta@iki.fi> - 0.99-1
 - Update to 0.99; fixes #623607, helps work around #537430.
 - Sync Fedora license list with Wiki revision 1.80.