Bug 209929
Summary: | insecure password and config files permissions | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Lubos Stanek <lubek> |
Component: | ss5 | Assignee: | Matteo Ricchetti <matteo.ricchetti> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | medium | ||
Version: | 5 | CC: | extras-qa |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-10-11 14:25:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lubos Stanek
2006-10-08 13:02:52 UTC
I changed spec.file with 0640 mode and made a rebuild for Devel (FC-6). Tell me if is ok and if I have to do it also for old dist (FC-4/5) Thx. (In reply to comment #1) Yes, it is definitely better. I think that this change should be reflected in all builds. It enhances the daemon files protection. Maybe you could also check permissions in the application and log week permissions. I am currently trying to make the selinux module for ss5. Tell me if you are interrested. Use my address directly. OK, I'm going to fix also FC4/5 About SELinux, it could be very interesting, even if ss5 should works also for Solaris and FreeBSD. Thx OK, I'm going to fix also FC4/5 About SELinux, it could be very interesting, even if ss5 should works also for Solaris and FreeBSD. Thx (In reply to comment #4) The SELinux does not mean changes to the application. It defines the rules, limits and borders under which the application runs. (Ex.: it can read and write to/from certain log file but it cannot read other files. You can imagine something like chroot.) The source and other ports will remain unchanged. The SELinux module can be used by anyone trying to protect ss5 under SELinux. If Solaris or FeeeBSD uses SELinux, it can use the module as well. Look at pure_ftpd in Extras. Close this bug, it is solved. I hope that one and only response will suffice. :) Closed |