Bug 1040040

Summary: AUDIT-0: gvfs: Please add untracked privs
Product: [Novell Products] SUSE Security Incidents Reporter: Bjørn Lie <zaitor>
Component: Audits Assignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: bjorn.lie, dimstar, matthias.gerstner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Bjørn Lie 2017-05-20 22:09:43 UTC
For current gvfs in TW, please add privileges not listed in /etc/polkit-default-privs.*

[  163s] RPMLINT report:
[  163s] ===============
[  166s] gvfs-backends.x86_64: I: polkit-untracked-privilege org.gtk.vfs.file-operations-helper (no:no:auth_admin_keep)
[  166s] gvfs-backends.x86_64: I: polkit-untracked-privilege org.gtk.vfs.file-operations (no:no:auth_admin_keep)
[  166s] The privilege is not listed in /etc/polkit-default-privs.* which makes it
[  166s] harder for admins to find. If the package is intended for inclusion in any
[  166s] SUSE product please open a bug report to request review of the package by the
[  166s] security team
[  166s] 
[  166s] gvfs-backends.x86_64: I: polkit-cant-acquire-privilege org.gtk.vfs.file-operations-helper (no:no:auth_admin_keep)
[  166s] gvfs-backends.x86_64: I: polkit-cant-acquire-privilege org.gtk.vfs.file-operations (no:no:auth_admin_keep)
[  166s] Usability can be improved by allowing users to acquire privileges via
[  166s] authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define
[  166s] 'allow_any'. This is an issue only if the privilege is not listed in /etc
[  166s] /polkit-default-privs.*


We are not asking for extended privs here, just that it gets added to polkit-default-privs.standard so admins/users can find it without looking at build-logs.
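An added example, not part of the original report and not rpmlint or SUSE code: a small Python script that pulls the `polkit-untracked-privilege` lines out of a build log in the format quoted above and reports which actions are still missing from a set of polkit-default-privs profiles. The sample log and profile text are constructed, and the profile parsing assumes plain `<action> <allow_any>:<allow_inactive>:<allow_active>` lines with `#` comments.

```python
import re

# Constructed sample log, using the rpmlint line format quoted in the report.
SAMPLE_LOG = """\
[  166s] gvfs-backends.x86_64: I: polkit-untracked-privilege org.gtk.vfs.file-operations-helper (no:no:auth_admin_keep)
[  166s] gvfs-backends.x86_64: I: polkit-untracked-privilege org.gtk.vfs.file-operations (no:no:auth_admin_keep)
[  166s] gvfs-backends.x86_64: I: polkit-cant-acquire-privilege org.gtk.vfs.file-operations (no:no:auth_admin_keep)
"""

# Constructed sample profile (assumed format: "<action> <any>:<inactive>:<active>").
SAMPLE_PROFILE = """\
# file operations as admin
org.gtk.vfs.file-operations    no:no:auth_admin_keep
"""

# Optional "[ 166s] " build-log prefix, package, severity, check name, action, settings.
UNTRACKED = re.compile(
    r"^(?:\[\s*\d+s\]\s+)?(?P<pkg>\S+): [IWE]: polkit-untracked-privilege "
    r"(?P<action>\S+) \((?P<auth>[^)]*)\)\s*$"
)

def parse_untracked(log_text):
    """Return {action: (package, settings)} for every untracked-privilege line."""
    found = {}
    for line in log_text.splitlines():
        m = UNTRACKED.match(line)
        if m:
            found[m["action"]] = (m["pkg"], m["auth"])
    return found

def tracked_actions(profile_text):
    """Return the set of action IDs listed in one profile file's text."""
    actions = set()
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            actions.add(line.split()[0])
    return actions

def still_untracked(log_text, profile_texts):
    """Actions flagged in the log that none of the given profiles list."""
    tracked = set()
    for text in profile_texts:
        tracked |= tracked_actions(text)
    return {a: v for a, v in parse_untracked(log_text).items() if a not in tracked}

if __name__ == "__main__":
    for action, (pkg, auth) in sorted(still_untracked(SAMPLE_LOG, [SAMPLE_PROFILE]).items()):
        print(f"{action}\t{auth}\t# reported for {pkg}")
```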
Comment 1 Bjørn Lie 2018-02-23 16:32:40 UTC
Adding Matthias Gerstner to CC since this exact priv was used as an example of an untracked one.

Maybe now we can have this audit move forward.
Comment 2 Matthias Gerstner 2018-03-09 13:12:18 UTC
There is a duplicate AUDIT bug for this. I am keeping the newer one, because it has more information in it.

*** This bug has been marked as a duplicate of bug 1073214 ***