Bug 1146831 – AUDIT-FIND: kcm_sddm: should the auth helper created the sddm user's home directory?

Bug 1146831 - AUDIT-FIND: kcm_sddm: should the auth helper created the sddm user's home directory?


Summary:	AUDIT-FIND: kcm_sddm: should the auth helper created the sddm user's home dir...

Status:	RESOLVED FIXED

Classification:	openSUSE
Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Security
Version:	Current
Hardware:	Other Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assigned To:	Fabian Vogt
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	1145182
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-08-22 10:43 UTC by Matthias Gerstner
Modified:	2019-11-19 09:01 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Gerstner 2019-08-22 10:43:26 UTC

+++ This bug was initially created as a clone of Bug #1145182

The kcm_sddm auth helper creates the directory pointed to by the
"sddmUserConfig" parameter, if it is not existing. This means the "sddm" home
directory might be created by this auth helper using the default umask (i.e.
it will be world readable). Is it really this auth helper's job to create this
directory? And if so, shouldn't it be better protected?

Comment 1 Fabian Vogt 2019-11-15 10:20:06 UTC

https://phabricator.kde.org/D23378

Comment 2 Matthias Gerstner 2019-11-19 09:01:14 UTC

With the upstream change the auth helper no longer executes when the "sddm"
home directory is an empty string. This should address the issue.