Bug 32832 - Violates ALT Secure Packaging Policy
Summary: Violates ALT Secure Packaging Policy
Status: NEW
Alias: None
Product: Sisyphus
Classification: Development
Component: snort
Version: unstable
Hardware: all Linux
Importance: P3 blocker
Assignee: Mikhail Efremov
QA Contact: qa-sisyphus
URL: https://www.altlinux.org/Secure_Packa...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-01 05:22 MSK by Evgenii Terechkov
Modified: 2016-12-01 10:12 MSK

Description Evgenii Terechkov 2016-12-01 05:22:42 MSK
The package violates the ALT Secure Packaging Policy, which logrotate (3.9.1-alt2 and later) complains about by mail every day:

=8<=======================================================================
error: skipping "/var/log/snort/snort.log.1480503381" because parent directory has insecure permissions (it's group writable and has no sticky bit set); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/snort/eth0/snort.u2.1480496531" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/snort/eth0/snort.u2.1480497478" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/snort/eth0/snort.u2.1480498666" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/snort/eth0/snort.u2.1480498719" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/snort/eth0/snort.u2.1480499917" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/snort/eth0/snort.u2.1480500364" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/snort/eth0/snort.u2.1480503469" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/snort/eth1/snort.u2.1480500364" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/snort/eth1/snort.u2.1480503469" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
=8<=======================================================================

The policy states:
=8<=======================================================================
Packages must not contain directories owned by pseudo-users. Instead,
directories owned by root, with the sticky bit set and group write access,
should be used.
=8<=======================================================================

P.S.: the backstory is here: https://bugzilla.altlinux.org/show_bug.cgi?id=31623

P.P.S.: according to ldv's definition in the bug tracker, packages that violate the SPP are a blocker for the release of products based on Sisyphus (not a verbatim quote).
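
The two conditions named in the logrotate messages and in the policy text quoted above can be checked across a log tree before a package ships. The following is an added shell example, not part of the original bug report and not logrotate's own code. The function names and verdict strings are hypothetical, GNU `stat -c` is assumed, and only the two conditions quoted on this page are tested.

```shell
#!/bin/sh
# Added example: flag directories that match either condition quoted in the
# logrotate errors above. Function names and verdict strings are hypothetical.

# classify_dir MODE OWNER_UID
#   MODE is the octal mode as printed by `stat -c %a` (e.g. 1770, 755).
#   Prints one of: ok | not-owned-by-root | group-writable-no-sticky
classify_dir() {
    bits=$((0$1))          # leading 0 makes the shell parse MODE as octal
    owner=$2
    if [ "$owner" -ne 0 ]; then
        # Policy: packaged directories must not belong to pseudo-users.
        echo "not-owned-by-root"
    elif [ $((bits & 020)) -ne 0 ] && [ $((bits & 01000)) -eq 0 ]; then
        # Group write (020) is set but the sticky bit (01000) is not.
        echo "group-writable-no-sticky"
    else
        echo "ok"
    fi
}

# audit_tree DIR
#   Walks DIR and prints one line per directory that is not "ok".
#   Assumes GNU stat and directory names without embedded newlines.
audit_tree() {
    find "$1" -type d -exec stat -c '%a %u %n' {} + |
    while read -r mode uid path; do
        verdict=$(classify_dir "$mode" "$uid")
        if [ "$verdict" != "ok" ]; then
            printf '%s\t%s (mode %s, uid %s)\n' "$verdict" "$path" "$mode" "$uid"
        fi
    done
}

# Usage on the tree from the report: audit_tree /var/log/snort
```

A directory laid out as the policy asks (root-owned, sticky bit set, group-writable, for example mode 1770) is reported as `ok`.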