Bug 138268

Summary: wvdialconf creates /etc/wvdial.conf with 1204 perms
Product: [Retired] Fedora Legacy Reporter: Damian Menscher <menscher>
Component: wvdialAssignee: Harald Hoyer <harald>
Status: CLOSED CANTFIX QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: fc2CC: mattdm
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: 1.54.0-2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-04-07 02:14:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Damian Menscher 2004-11-06 23:31:19 UTC 
Description of problem:

[root@localhost etc]# ls -l wvdial.conf
ls: wvdial.conf: No such file or directory

[root@localhost etc]# wvdialconf wvdial.conf
Scanning your serial ports for a modem.
   [snip]
Found a modem on /dev/ttySL0.
wvdial.conf<Warn>: Can't read config file wvdial.conf: No such file or
directory
Modem configuration written to wvdial.conf.
ttySL0<Info>: Speed 460800; init "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"

[root@localhost etc]# ls -l wvdial.conf
--w----r-T  1 root root 234 Nov  6 17:28 wvdial.conf

Perms should probably be 0600, not 1204

Version-Release number of selected component (if applicable):
wvdial-1.53-13
Comment 1 Matthew Miller 2005-04-26 15:05:20 UTC 
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 2 John Thacker 2006-04-22 04:41:08 UTC 
With the fix for bug 130622, an empty /etc/wvdial.conf is always created with
644 permissions, so this problem shouldn't occur anymore.  Also, the FC2 Legacy
comments apply.
Comment 3 Damian Menscher 2006-04-22 05:07:54 UTC 
Reopening bug, since this is an unacceptable "fix".  This file is likely to
contain passwords, and therefore should have 600 permissions, as I noted 1.5
years ago.

As a side note, it's rather disturbing to see such trivial, but important, bugs
get ignored for 1.5 years.
Comment 4 Matthew Miller 2006-06-30 03:18:34 UTC 
Damian -- I agree it's a bit disturbing. Since this is a security issue, this
probably should have been moved to Fedora Legacy last April. I'm moving it there
now, where someone will evaluate further.

And in the current release of this package, the file *is* created with mode 600,
so the problem is indeed really fixed moving forward.