Bug 71923

Summary: Zebra config files should not be readable by everyone
Product: [Retired] Red Hat Public Beta Reporter: Jos Vos <jos>
Component: zebra Assignee: Elliot Lee <sopwith>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: null   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2002-08-20 09:40:18 UTC Type: ---
Attachments:
Description Flags
Patch for spec file to change mode of %ghost config files. none

Description Jos Vos 2002-08-20 08:43:35 UTC
Description of Problem:
The zebra config files should not be readable by the world, as they may contain
passwords for changing the routing configuration.  Note that /etc/zebra itself
has mode 750, so there is no immediate danger, but it would be better to change it
a.s.a.p., I think.

Version-Release number of selected component (if applicable):
0.93a-1

Comment 1 Jos Vos 2002-08-20 09:19:45 UTC
Well, I shouldn't conclude too quickly ;-), I now see the config files are only
ghost files.

But, still, %attr(640,root,root) should be added for the *.conf files, as now
"rpm -V" reports a mode problem (the %post script *does* use mode 640 for the
config files it creates) and it won't do that when a file is readable for the
world, which is a potential risk.

Furthermore, why not just add empty config files to the package i.s.o. including
them as %ghost files? Maybe the init scripts can be adapted so the -f test is
replaced by a -s test, to force the service to be configured first.
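
An added example (not part of this report or its attached patch): a POSIX shell audit for the two points raised in Comment 1. It lists *.conf files that grant any permission to "other", resets them to mode 640, and gates startup on -s rather than -f. The function names are hypothetical and the directory is passed as an argument.

```shell
#!/bin/sh
# Added example; not code from the zebra package, its spec file or the patch.
# Function names are hypothetical. Usage: sh audit.sh /etc/zebra

# Print every *.conf under directory $1 that grants read, write or
# execute permission to "other" (the world).
world_accessible_confs() {
    find "$1" -type f -name '*.conf' \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Reset each such file to mode 640, the mode the report says the %post
# script uses, and print the path of every file that was changed.
# Ownership is left alone, since changing it would require root.
tighten_confs() {
    world_accessible_confs "$1" | while IFS= read -r f; do
        chmod 640 "$f" && printf '%s\n' "$f"
    done
}

# Init-script gate suggested in Comment 1: -f is true for an empty
# placeholder file, -s is true only once the file has content.
conf_ready() {
    [ -s "$1" ]
}

# When run with a directory argument, report the offending files.
if [ "$#" -gt 0 ]; then
    world_accessible_confs "$1"
fi
```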

Comment 2 Jos Vos 2002-08-20 09:40:14 UTC
Created attachment 71567
Patch for spec file to change mode of %ghost config files.

Comment 3 Elliot Lee 2002-08-26 15:11:15 UTC
0.93a-2