Bug 138268 - wvdialconf creates /etc/wvdial.conf with 1204 perms
wvdialconf creates /etc/wvdial.conf with 1204 perms
Status: CLOSED CANTFIX
Product: Fedora Legacy
Classification: Retired
Component: wvdial (Show other bugs)
fc2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
David Lawrence
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-06 18:31 EST by Damian Menscher
Modified: 2007-04-18 13:14 EDT (History)
1 user (show)

See Also:
Fixed In Version: 1.54.0-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-06 22:14:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Damian Menscher 2004-11-06 18:31:19 EST
Description of problem:

[root@localhost etc]# ls -l wvdial.conf
ls: wvdial.conf: No such file or directory

[root@localhost etc]# wvdialconf wvdial.conf
Scanning your serial ports for a modem.
   [snip]
Found a modem on /dev/ttySL0.
wvdial.conf<Warn>: Can't read config file wvdial.conf: No such file or
directory
Modem configuration written to wvdial.conf.
ttySL0<Info>: Speed 460800; init "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"

[root@localhost etc]# ls -l wvdial.conf
--w----r-T  1 root root 234 Nov  6 17:28 wvdial.conf

Perms should probably be 0600, not 1204

Version-Release number of selected component (if applicable):
wvdial-1.53-13
Comment 1 Matthew Miller 2005-04-26 11:05:20 EDT
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 2 John Thacker 2006-04-22 00:41:08 EDT
With the fix for bug 130622, an empty /etc/wvdial.conf is always created with
644 permissions, so this problem shouldn't occur anymore.  Also, the FC2 Legacy
comments apply.
Comment 3 Damian Menscher 2006-04-22 01:07:54 EDT
Reopening bug, since this is an unacceptable "fix".  This file is likely to
contain passwords, and therefore should have 600 permissions, as I noted 1.5
years ago.

As a side note, it's rather disturbing to see such trivial, but important, bugs
get ignored for 1.5 years.
Comment 4 Matthew Miller 2006-06-29 23:18:34 EDT
Damian -- I agree it's a bit disturbing. Since this is a security issue, this
probably should have been moved to Fedora Legacy last April. I'm moving it there
now, where someone will evaluate further.

And in the current release of this package, the file *is* created with mode 600,
so the problem is indeed really fixed moving forward.

Note You need to log in before you can comment on or make changes to this bug.