Bug 1217179 - AUDIT-WHITELIST: kinfocenter6: new version of kinfocenter D-Bus services
Summary: AUDIT-WHITELIST: kinfocenter6: new version of kinfocenter D-Bus services
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Audits (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 1217076
  Show dependency treegraph
 
Reported: 2023-11-15 12:45 UTC by Matthias Gerstner
Modified: 2024-02-21 14:46 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Gerstner 2023-11-15 12:45:09 UTC 
+++ This bug was initially created as a clone of Bug #1217076

Sub bug for a bunch of new D-Bus interfaces in KDE6.

Package is found in KDE:Unstable:Frameworks/kinfocenter6.

kinfocenter6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system-services/org.kde.kinfocenter.dmidecode.service
kinfocenter6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system.d/org.kde.kinfocenter.dmidecode.conf
Comment 1 Paolo Perego 2023-12-22 13:30:39 UTC 
The code is pretty much only UI to present some command output. From an attacker perspective, is seems to be impossible to inject something or interact in some way. 

I will turn into a WHITELIST audit
Comment 2 Matthias Gerstner 2024-02-13 12:59:39 UTC 
The final version for Factory is now found in KDE:Frameworks/kinfocenter6 with
tarball version tag 5.93.0.

There is a _lot_ of noise in the upstream repository (about 125.000 lines of
git diff) mostly about updated translation files.

The dmidecode helper also changed but only in the translations as well. So I
guess we can whitelist this.
Comment 4 Matthias Gerstner 2024-02-21 14:46:34 UTC 
The whitelisting is in Factory now. Closing as fixed.