Whitelist more expectedly setuid executables; fixes #646455.

2010-11-01 23:20:23 +02:00 · 2010-11-01 23:20:23 +02:00 · 8480e39802
commit 8480e39802
parent db3d04e628
2 changed files with 12 additions and 2 deletions
--- a/rpmlint.config
+++ b/rpmlint.config
@ -337,6 +337,13 @@ addFilter("filename-too-long-for-joliet")
 addFilter("symlink-should-be-")
 addFilter("dangling-\S*symlink /usr/share/doc/HTML/\S+/common .+/common$")
 addFilter("hidden-file-or-dir .*/man5/\.k5login\.5[^/]+$")
-# TODO: more whitelisted executables, https://bugzilla.redhat.com/496737
-addFilter("krb5-workstation.+ (setuid-binary|non-standard-executable-perm) /usr/kerberos/bin/ksu (root )?04755")
 addFilter("blender.+ (wrong-script-interpreter|non-executable-script) .+/blender/.+\.py.*BPY.*")
+# https://bugzilla.redhat.com/496737, https://bugzilla.redhat.com/646455
+for pkg, exe in (("coreutils", "/bin/su"),
+                 ("krb5-workstation", "/usr/kerberos/bin/ksu"),
+                 ("passwd", "/usr/bin/passwd"),
+                 ("sudo", "/usr/bin/sudo(edit)?"),
+                 ("upstart", "/sbin/initctl"),
+                 ("usermode", "/usr/sbin/userhelper")):
+    addFilter("%s.* (setuid-binary|non-standard-executable-perm) %s (root )?04"
+              % (pkg, exe))
--- a/rpmlint.spec
+++ b/rpmlint.spec
@ -78,6 +78,9 @@ rm -rf $RPM_BUILD_ROOT


 %changelog
+* Mon Nov  1 2010 Ville Skyttä <ville.skytta@iki.fi>
+- Whitelist more expectedly setuid executables; fixes #646455.
+
 * Thu Aug 19 2010 Ville Skyttä <ville.skytta@iki.fi> - 0.99-1
 - Update to 0.99; fixes #623607, helps work around #537430.
 - Sync Fedora license list with Wiki revision 1.80.