Bug 1146831 - AUDIT-FIND: kcm_sddm: should the auth helper created the sddm user's home directory?
AUDIT-FIND: kcm_sddm: should the auth helper created the sddm user's home dir...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Fabian Vogt
E-mail List
:
Depends on:
Blocks: 1145182
  Show dependency treegraph
 
Reported: 2019-08-22 10:43 UTC by Matthias Gerstner
Modified: 2019-11-19 09:01 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Gerstner 2019-08-22 10:43:26 UTC
+++ This bug was initially created as a clone of Bug #1145182

The kcm_sddm auth helper creates the directory pointed to by the
"sddmUserConfig" parameter, if it is not existing. This means the "sddm" home
directory might be created by this auth helper using the default umask (i.e.
it will be world readable). Is it really this auth helper's job to create this
directory? And if so, shouldn't it be better protected?
Comment 1 Fabian Vogt 2019-11-15 10:20:06 UTC
https://phabricator.kde.org/D23378
Comment 2 Matthias Gerstner 2019-11-19 09:01:14 UTC
With the upstream change the auth helper no longer executes when the "sddm"
home directory is an empty string. This should address the issue.