Package: libkf5su-bin Version: 5.16.0-1 Severity: important Dear Maintainer,
I noticed that the file /usr/lib/x86_64-linux-gnu/libexec/kf5/kdesud is group owned by "root" and not group suid. Given the CMake snippet from the source package: install(TARGETS kdesud DESTINATION ${KDE_INSTALL_LIBEXECDIR_KF5}) install(CODE " set(KDESUD_PATH \"\$ENV{DESTDIR}${CMAKE_INSTALL_FULL_LIBEXECDIR_KF5}/kdesud\") execute_process(COMMAND sh -c \"chgrp nogroup '\${KDESUD_PATH}' && chmod g+s '\${KDESUD_PATH}'\") ") Without being suid for group the kdesud process is rather useless as kdesu from kde-cli-tools reports: kdesu(2626)/(org.kde.kdesu) startApp: Daemon not safe (not sgid), not using it. Best Regards, Martin Gräßlin -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libkf5su-bin depends on: ii libc6 2.19-22 ii libkf5coreaddons5 5.15.0-1 ii libkf5i18n5 5.15.0-1 ii libkf5su5 5.15.0-1 ii libqt5core5a 5.5.1+dfsg-8 ii libstdc++6 5.2.1-23 ii libx11-6 2:1.6.3-1 libkf5su-bin recommends no packages. libkf5su-bin suggests no packages. -- no debconf information -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libkf5su-bin depends on: ii libc6 2.19-22 ii libkf5coreaddons5 5.15.0-1 ii libkf5i18n5 5.15.0-1 ii libkf5su5 5.15.0-1 ii libqt5core5a 5.5.1+dfsg-8 ii libstdc++6 5.2.1-23 ii libx11-6 2:1.6.3-1 libkf5su-bin recommends no packages. libkf5su-bin suggests no packages. -- no debconf information