Bugzilla – Bug 1216756
AUDIT-FIND: shadowsocks-libev: Recursive chown in user owned directory
Last modified: 2024-04-19 10:05:32 UTC
A recent change in shadowsocks-libev introduced: 162 %post 163 %service_add_post %{name}-server.service 164 %service_add_post %{name}-client.service 165 %service_add_post %{name}-manager.service 166 %service_add_post %{name}-nat.service 167 %service_add_post %{name}-redir.service 168 %service_add_post %{name}-tunnel.service 169 %service_add_post %{name}-server@.service 170 %service_add_post %{name}-client@.service 171 %service_add_post %{name}-nat@.service 172 %service_add_post %{name}-redir@.service 173 %service_add_post %{name}-tunnel@.service 174 chown root:shadowsocks %{_sysconfdir}/shadowsocks -R This is not great from a security POV and I also fail to see why we do this. The group just has read permissions, but the shadowsocks-libev-config.json file in there has 644 anyway, so I doesn't really help. Can we drop this?
can't assign it to the openSUSE contributor, sent him a mail
Side note: this might be the result of an attempt to fix bug 1212862.