Bug 43825

Summary: Permission of /etc/identd.key
Product: [Retired] Red Hat Linux Reporter: Jan "Yenya" Kasprzak <kas>
Component: pidentdAssignee: Trond Eivind Glomsrxd <teg>
Status: CLOSED RAWHIDE QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: low    
Version: 7.1Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-06-07 13:06:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan "Yenya" Kasprzak 2001-06-07 13:06:06 UTC 
In Red Hat Linux 7.1, the /etc/identd.key is created
by /etc/rc.d/init.d/identd with owner and group of "identd",
and permission bits are set to 0600. From the security
point of view it would be better to have /etc/identd.key
owned by user root, group identd, and permission 0640.
With these permissions, even when the remote exploit
is found in identd, it cannot be used to modify the key file.

Even better solution would be to have /etc/identd.key
owned by user root, group root and permission 0600.
The current identd reads the key _before_ setuid(identd)
and setgid(identd) is called.

-Yenya
Comment 1 Trond Eivind Glomsrxd 2001-06-07 21:35:34 UTC 
pidentd-3.0.12-6 has ownership root.root - thanks for your feedback.