Bug 508247
Summary: | /etc/dhcp/dhcpd.conf is world-readable | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Vincent Danen <vdanen> |
Component: | dhcp | Assignee: | David Cantrell <dcantrell> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dcantrell, wwoods |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-06-30 07:46:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vincent Danen
2009-06-26 10:38:33 UTC
The Gentoo bug mentions changing the ownership and permissions of the /etc/dhcp subdirectory, not just the dhcpd.conf file. Would that not be a better approach? I think either way works. I'm not sure what else, if anything, is being put in that directory, but making dhcpd.conf mode 0600 and the directory mode 0750 or 0700 would be fine. You'd have to make there are no regressions with the directory mode change (again, as I'm unsure whether anything else would use it... I have my doubts since on RHEL5 we use /etc/dhcpd.conf so I suspect this directory should be exclusively used for that file). I'll make the permission changes in the next rawhide build. For F-11, I changed the dhcp package to have all configuration files stored in /etc/dhcp because the number of possible files was cluttering up /etc. In /etc/dhcp, you can have: dhcpd.conf dhclient.conf dhclient-DEVICE.conf dhclient-DEVICE-up-hooks dhclient-DEVICE-down-hooks Additionally, I created the /etc/dhcp/dhclient.d directory and expanded dhclient-script to support executing scripts from that subdirectory. The idea is that other packages can provide handlers for specific DHCP options. As of now, there is ntp.sh and nis.sh provided by ntp and ypbind, respectively. These changes will show up in RHEL 6.0. Ok, great. In light of the above, changing the permissions on the directory sounds like the best way forward. Thanks for the explanation and the fix. Will be fixed in dhcp-4.1.0-22.fc12. |