Bug 106738 - /etc/wvdial.conf is created world readable
/etc/wvdial.conf is created world readable
Product: Fedora
Classification: Fedora
Component: redhat-config-network (Show other bugs)
All Linux
high Severity medium
: ---
: ---
Assigned To: Harald Hoyer
: Security
: 88856 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2003-10-09 21:51 EDT by Warren Lewis
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-10-14 05:18:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Warren Lewis 2003-10-09 21:51:06 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703

Description of problem:
When you create a ppp connection with redhat-config-network it creates
/etc/wvdial.conf with the ppp account info in it including the password in clear
text. the mode is set to group/world readable!

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. rm /etc/wvdial.conf if it exists
2. run redhat-config-network 
3. create a ppp connection
4. ls -l /etc/wvdial.conf (note all have read permissions)
5. more /etc/wvdial.conf (note ppp account password readable)

Actual Results:  world readable /etc/wvdial.conf with plain text password in it.

Expected Results:  readable only by root /etc/wvdial.conf

Additional info:
Comment 1 Warren Lewis 2003-10-09 22:02:07 EDT
Looks like this is also in Redhat 9, see bug 88856 it's filed on wvdial package
(which doesn't write the config file I think) and with normal/normal severity,
it probably should be moved to redhat-config-network with security/high
Comment 2 Bill Nottingham 2003-10-09 23:20:45 EDT
*** Bug 88856 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.