This package contains specifications for permissions of specific files,
directories, and devices depending on the local security settings. The
local security setting (easy, secure, or paranoid) can be configured in
/etc/sysconfig/security.
Authors:
--------
Werner Fink <werner@suse.de>
Roman Drahtmüller <draht@suse.de>
Provides
Requires
Copyright
GPL
Signatures
internal MD5: 695f3bcd20935ce9e523f5f630e3a7f5
GPG
Changelog
* Thu Oct 20 2005 - lnussel@suse.de
- don't chown if the last component of a path that ends with a slash is a
symlink (still #103186)
* Sat Oct 15 2005 - kkeil@suse.de
- isdnctrl is now in /sbin not in /usr/sbin (#128606)
* Fri Sep 30 2005 - lnussel@suse.de
- remove /var/lib/xmcd as it's not safe to modify permissions in
world writeable directories (#103186).
- remove permissions handling of /var/games/* (#103186)
- add slashes to several directories (#103186)
* Tue Mar 01 2005 - lnussel@suse.de
- fix inn permissions (#67032)
- remove setuid bit from ziptool (#66191)
* Wed Feb 23 2005 - lnussel@suse.de
- remove no longer existing files
- remove setuid plpnfsd (#66207)
- remove setuid bit from dga program
- change vmware permissions
- add /opt/kde3/bin/receivepopup (#66313)
- add /opt/kde3/bin/fileshareset (#66312)
- add /usr/bin/scmxx (#66309)
- add some missing mailman files (#66315)
- include perl script to perform some basic consistency checks
* Mon Jan 31 2005 - meissner@suse.de
- backported security fix from SLES 9 branch. #43035
* Sat Jan 15 2005 - schwab@suse.de
- Comment fixes.
* Mon Nov 22 2004 - sndirsch@suse.de
- permissions.secure: set Xorg to 0711 (4711 before)
* Wed Nov 10 2004 - ro@suse.de
- /var/cache/fonts to 1777 (as in tetex perms before)
* Mon Nov 08 2004 - kukuk@suse.de
- Add nscd socket to permissions file
* Tue Sep 14 2004 - ro@suse.de
- do not use rpm in SuSEconfig.permissions (#45252)
* Tue Sep 14 2004 - ro@suse.de
- dropped check for perl in SuSEconfig.permissions (#45252)
* Wed May 26 2004 - draht@suse.de
- /usr/lib/ia32el/suid_libia32x.so set to (6755,0755,0755) (#40234)
source code audit in progress (#40234) (thomas)
* Fri May 14 2004 - ro@suse.de
- /usr/lib/ia32el/suid_libia32x.so added to easy,secure,paranoid
(0755,0755,0755) (#40234)
* Thu Apr 15 2004 - sndirsch@suse.de
- XFree86 --> Xorg in permissions files
* Tue Apr 06 2004 - mls@suse.de
- added --root option for buildroot operation
* Mon Apr 05 2004 - mls@suse.de
- chkstat: fixed relative symlink chasing
- /usr/src/packages/RPMS back to 1777 in easy, as chkstat can
now handle it
* Sun Apr 04 2004 - mls@suse.de
- chkstat: added missing link count check and safepath() function
- chkstat: refuse to give away s-bits on insecure paths
- chkstat: bugfix: stat file again after chown, as modes may have
changed
* Fri Apr 02 2004 - mls@suse.de
- chkstat: re-implemented it in C to make it more secure
* Thu Apr 01 2004 - kukuk@suse.de
- Remove /var/lock/subsys [#37759]
- Add sticky bit to /var/lock [#37759]
* Wed Mar 24 2004 - draht@suse.de
- make /usr/bin/gpg setuid root in easy+secure, 0755 in paranoid.
[#33570].
* Tue Mar 23 2004 - draht@suse.de
- #36741: /usr/src/packages/RPMS 1777->0755 in easy.
* Mon Mar 22 2004 - kukuk@suse.de
- Fix syntax error in permission.easy
- /usr/bin/ssh should be always 0755
* Fri Feb 13 2004 - draht@suse.de
- /var/run/uscreens (root:root 1777) added
* Thu Feb 12 2004 - kukuk@suse.de
- Don't modify group of crontab and at useless
* Fri Jan 09 2004 - kukuk@suse.de
- Add RPM directory for hppa2.0
* Fri Nov 21 2003 - ro@suse.de
- fpexec decrease go rights to 11
* Wed Nov 05 2003 - ro@suse.de
- inn scripts: u-w (not needed)
* Mon Nov 03 2003 - schwab@suse.de
- chkstat: fix option parsing.
* Wed Oct 29 2003 - kukuk@suse.de
- Sync permissions for shadow package
* Tue Oct 28 2003 - ro@suse.de
- require /sbin/SuSEconfig
* Tue Oct 28 2003 - ro@suse.de
- chkstat: added some new extensions:
allow specifying singular files or a filelist to be checked
output previous/current mode of a failed file
adapted manpage
* Tue Oct 21 2003 - draht@suse.de
- permissions.secure: /etc/ftpusers 0640 root.root -> 0644
* Mon Oct 20 2003 - ro@suse.de
- permissions.*: use ":" and not "." to separate user/group
- chkstat: output also which of (permissions/owner) is wrong
- chkstat: don't try to chown if not root
* Tue Oct 14 2003 - draht@suse.de
- reformatting of all 4 permissions files. xkobo, rocksndiamonds,
xlogical, lbreakout2 and ltris path adoptions.
for future reference: :-)
for i in permissions permissions.easy permissions.secure
permissions.paranoid; do cat $i | \
awk '/^(#|$)/ { print $0; next; }
{ if(NF > 3) {printf("error: %s\n",$0);exit};
printf("%-55s %-17s %4s\n",$1,$2,$3)}' \
> $i.. && mv $i.. $i; done
* Thu Sep 18 2003 - kukuk@suse.de
- Fix group of straps, popauth and ntping
- Remove some GNOME games which do not need special rights anymore
* Tue Sep 16 2003 - kukuk@suse.de
- permissions.easy: change group of bing, vboxbeep, plpnfsd to
trusted, majordomo/wrapper to daemon
* Tue Sep 16 2003 - kukuk@suse.de
- permissions.easy: change group of gpasswd and ziptool to trusted
* Tue Sep 02 2003 - kkeil@suse.de
- fix user fax for hylafax specific files
* Tue Sep 02 2003 - kukuk@suse.de
- fix path to cons.saver, remove setuid bit in paranoid (#25907)
- remove screen
- remove smail (dropped years ago)
* Mon Sep 01 2003 - kkeil@suse.de
- fix group for isdnctrl uucp --> dialout (#28997)
* Mon Sep 01 2003 - draht@suse.de
- feedback@suse.de -> http://www.suse.de/feedback in all files of
the package. #29635.
* Sat Aug 23 2003 - sndirsch@suse.de
- added martian entries of package pachi
* Tue Aug 19 2003 - mmj@suse.de
- Add sysconfig metadata [#28937]
* Tue Jul 29 2003 - draht@suse.de
- fax changes from Tomas Crhak: faxq-helper and spool directories.
* Tue Jul 29 2003 - ro@suse.de
- gnome games moved back to /opt/gnome
* Mon Jul 28 2003 - kukuk@suse.de
- Remove /var/run from permissions file list [Bug #28289]
* Mon Jul 28 2003 - kukuk@suse.de
- /var/lib/gdm: Removed to solve [Bug #28257] for future products.
* Fri Jul 25 2003 - draht@suse.de
- /usr/lib/vte/gnome-pty-helper -> /opt/gnome/lib/vte/gnome-pty-helper
The same with /opt/gnome/lib64/.
* Fri Jun 13 2003 - kukuk@suse.de
- /usr/lib/mgetty+sendfax/faxq-helper added 4711 in easy and secure
* Fri May 02 2003 - sndirsch@suse.de
- added /usr/games/pachi and /var/games/pachi.scores
* Mon Mar 10 2003 - sndirsch@suse.de
- added /usr/games/falconseye.bin
- removed /usr/games/falconseye
* Mon Mar 10 2003 - kukuk@suse.de
- added /usr/lib64/vte/gnome-pty-helper until ported to utempter
* Sun Mar 09 2003 - sndirsch@suse.de
- added /usr/games/falconseye
- removed old falconseye entries
* Thu Mar 06 2003 - ro@suse.de
- added /usr/lib/vte/gnome-pty-helper until ported to utempter
* Thu Feb 20 2003 - mmj@suse.de
- Add sysconfig metadata [#22686]
* Tue Feb 18 2003 - kssingvo@suse.de
- removed squid entries. They will be added and corrected to squids own
permission file /etc/permissions.d/squid (bugzilla#23752):
/var/squid
/var/squid/cache
/var/squid/logs
* Tue Feb 18 2003 - draht@suse.de
- /usr/games/trackballs added 2755 games.games in easy.
* Sun Feb 16 2003 - adrian@suse.de
- allow khc_indexbuilder to write into /var/cache/susehelp in easy mode
- remove old entries (kreatecd and kscd)
* Mon Feb 10 2003 - draht@suse.de
- additions/changes (from #17012, Tobias Burnus):
* read all files from the commandline at once and override
entries given multiple times by the last entry
* enable option --set in addition to -set
* manpage adoptions
* call chkstat only once from SuSEconfig.permissions
* Thu Feb 06 2003 - ro@suse.de
- /var/mtrack -> /var/lib/mtrack
* Tue Nov 19 2002 - ro@suse.de
- zapping_setup_fb moved to /opt/gnome/sbin
* Thu Nov 14 2002 - bg@suse.de
- added hppa to rpm subsystem in permissions files to be able to
finish autobuild
* Thu Oct 24 2002 - ro@suse.de
- two more nethack flavors with sgid games in easy
* Tue Sep 10 2002 - draht@suse.de
- cda entries below /usr/X11R6/lib/X11/xmcd removed.
index.html under /var/lib/xmcd/discog directories added
world-writeable. This is not satisfactory. New user xmcd will be
added in next release.
* Thu Sep 05 2002 - draht@suse.de
- /usr/X11R6/lib/X11/xmcd/bin-Linux-ia64/{cda,xmcd} added.
* Mon Aug 26 2002 - draht@suse.de
- removed all occurrences of kv4lsetup upon request by adrian+uli.
- -s for xlock, xlock-mesa + xscreensaver (#18125), (#18132)
- /usr/src/packages/RPMS/alphaev67 added.
- added /sbin/unix2_chkpwd root.shadow 2755
- -s /usr/sbin/papd (#18103)
* Wed Aug 21 2002 - draht@suse.de
- removed suid bits from heimdal's su and otp (#18104)
* Wed Aug 21 2002 - draht@suse.de
- remove setuid bit from traceroute due to new implementation by
Olaf Kirch which doesn't need euid root. (#18101)
* Wed Aug 21 2002 - draht@suse.de
- removed lprng entries because of conflicts cups <-> lprng
* Wed Aug 21 2002 - draht@suse.de
- vboxbeep -> 0755 in secure.
* Mon Aug 19 2002 - ro@suse.de
- added prereq (#17956)
* Mon Aug 19 2002 - uli@suse.de
- added nethack for lib64 archs
* Mon Aug 19 2002 - uli@suse.de
- added xmcd for archs != i386
* Tue Aug 13 2002 - draht@suse.de
- gnome-games2 entries changed/adopted to /opt/gnome2 path.
* Tue Aug 13 2002 - draht@suse.de
- changed kcheckpass from 2755 root.shadow to 4755. (#17664)
* Wed Jul 31 2002 - olh@suse.de
- ncpmount, ncpumount, nwsfind, ncplogin, ncpmap root.trusted 4750
* Sat Jul 27 2002 - kukuk@suse.de
- Rename group wwwadmin to www
- Rename group game to games
* Tue Jul 23 2002 - draht@suse.de
- added sapdb files, not setuid root in secure,paranoid.
* Mon Jul 22 2002 - draht@suse.de
- added frontpage files
* Tue Jul 16 2002 - draht@suse.de
- changed entries for mailman: group mdom -> mailman
* Tue Jul 16 2002 - draht@suse.de
- mailman sgid mdom files added to easy, secure and paranoid.
* Wed Jul 10 2002 - draht@suse.de
- .paranoid comment fixed about at and cron (#12159)
* Mon Jul 08 2002 - draht@suse.de
- ppp dialup networking fixes and cleanup.
* Mon Jul 08 2002 - draht@suse.de
- modifications: -s for pppd, world-writeable directories for
kdemultimedia3-sound, gift, mips and armv4l RPMS directory.
* Fri Jul 05 2002 - kukuk@suse.de
- Add /usr/src/packages/RPMS/sparcv9 to easy,secure,paranoid.
* Thu Jul 04 2002 - draht@suse.de
- /usr/lib64/pt_chown added to easy,secure,paranoid.
* Mon Jul 01 2002 - draht@suse.de
- entries for packages added or changed:
squid
geki2
d1x
falconseye
fdutils
gewels
gnome-games
heimdal
lbreakout
lpdfilter
lprng
man
mgetty (/var/spool/fax/outgoing/* need discussion)
mtrack (locfile+satfile -> 0644)
nethack
nvi-m17n (/var/preserve/vi.recover -> 1777)
opie (/bin -> /usr/bin)
pcp
plptools
qpopper
rp-pppoe (/usr/sbin/pppoe-wrapper)
smpppd (/usr/sbin/cinternet-wwwrun wwwrun.dialout 2750)
squid (/usr/sbin/pam_auth)
su-wrapper
xemacs (lock directory changed again? now /var/state/xemacs and /var/lib/xemacs)
xgalaga
xmcd
xscrabble
* Mon Jul 01 2002 - ro@suse.de
- don't install all sources (spec file etc.)
* Fri Jun 28 2002 - draht@suse.de
- minor spec file change
* Fri Jun 28 2002 - draht@suse.de
- entries for packages added:
ftpdir
gnokii
kamplus
geki2
aaa_dir (/tmp/.ICE-unix)
* Fri Jun 28 2002 - draht@suse.de
- unpack tar archive in source for convenience.
* Thu Jun 27 2002 - olh@suse.de
- update permissions of /usr/src/packages/RPMS/<arch>
* Fri Jun 21 2002 - ro@suse.de
- created package as split off from aaa_base
Files
è�X �
Generated by rpm2html 1.8.1
Daniel Veillard, Sat May 3 04:13:18 2008