Bug 1217179

Summary: AUDIT-WHITELIST: kinfocenter6: new version of kinfocenter D-Bus services
Product: [Novell Products] SUSE Security Incidents Reporter: Matthias Gerstner <matthias.gerstner>
Component: AuditsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: opensuse-kde-bugs, paolo.perego
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1217076    

Description Matthias Gerstner 2023-11-15 12:45:09 UTC 
+++ This bug was initially created as a clone of Bug #1217076

Sub bug for a bunch of new D-Bus interfaces in KDE6.

Package is found in KDE:Unstable:Frameworks/kinfocenter6.

kinfocenter6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system-services/org.kde.kinfocenter.dmidecode.service
kinfocenter6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system.d/org.kde.kinfocenter.dmidecode.conf
Comment 1 Paolo Perego 2023-12-22 13:30:39 UTC 
The code is pretty much only UI to present some command output. From an attacker perspective, is seems to be impossible to inject something or interact in some way. 

I will turn into a WHITELIST audit
Comment 2 Matthias Gerstner 2024-02-13 12:59:39 UTC 
The final version for Factory is now found in KDE:Frameworks/kinfocenter6 with
tarball version tag 5.93.0.

There is a _lot_ of noise in the upstream repository (about 125.000 lines of
git diff) mostly about updated translation files.

The dmidecode helper also changed but only in the translations as well. So I
guess we can whitelist this.
Comment 4 Matthias Gerstner 2024-02-21 14:46:34 UTC 
The whitelisting is in Factory now. Closing as fixed.