[Secure-testing-team] Bug#837175: usbguard: don' set IPCAllowedGroups=wheel

[Christoph Anton Mitterer]

Package: usbguard
Version: 0.5.14+ds1-1
Severity: important
Tags: security


Hi.

Currently the config sets:
IPCAllowedGroups=wheel

This doesn't seem to be one of the standard Debian
system groups (it doesn't even exist), nor is it created
by the package.
It may very well exist already as some user (thus the security
tag and important).

Please use porper group (I think the upstream docs use "usbguard"
as an example,... or simply use "root" group.


Cheers,
Chris.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages usbguard depends on:
ii  init-system-helpers  1.42
ii  libc6                2.24-2
ii  libcap-ng0           0.7.7-3
ii  libdbus-1-3          1.10.10-1
ii  libdbus-glib-1-2     0.106-1
ii  libgcc1              1:6.2.0-3
ii  libglib2.0-0         2.49.6-1
ii  libqb0               1.0-1
ii  libseccomp2          2.3.1-2
ii  libstdc++6           6.2.0-3
ii  libusbguard0         0.5.14+ds1-1

usbguard recommends no packages.

usbguard suggests no packages.

-- no debconf information