Bug 138268 - wvdialconf creates /etc/wvdial.conf with 1204 perms
Summary: wvdialconf creates /etc/wvdial.conf with 1204 perms
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: wvdial
Version: fc2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-06 23:31 UTC by Damian Menscher
Modified: 2007-04-18 17:14 UTC (History)
1 user (show)

Fixed In Version: 1.54.0-2
Clone Of:
Environment:
Last Closed: 2007-04-07 02:14:16 UTC
Embargoed:


Attachments (Terms of Use)

Description Damian Menscher 2004-11-06 23:31:19 UTC
Description of problem:

[root@localhost etc]# ls -l wvdial.conf
ls: wvdial.conf: No such file or directory

[root@localhost etc]# wvdialconf wvdial.conf
Scanning your serial ports for a modem.
   [snip]
Found a modem on /dev/ttySL0.
wvdial.conf<Warn>: Can't read config file wvdial.conf: No such file or
directory
Modem configuration written to wvdial.conf.
ttySL0<Info>: Speed 460800; init "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"

[root@localhost etc]# ls -l wvdial.conf
--w----r-T  1 root root 234 Nov  6 17:28 wvdial.conf

Perms should probably be 0600, not 1204

Version-Release number of selected component (if applicable):
wvdial-1.53-13

Comment 1 Matthew Miller 2005-04-26 15:05:20 UTC
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 2 John Thacker 2006-04-22 04:41:08 UTC
With the fix for bug 130622, an empty /etc/wvdial.conf is always created with
644 permissions, so this problem shouldn't occur anymore.  Also, the FC2 Legacy
comments apply.

Comment 3 Damian Menscher 2006-04-22 05:07:54 UTC
Reopening bug, since this is an unacceptable "fix".  This file is likely to
contain passwords, and therefore should have 600 permissions, as I noted 1.5
years ago.

As a side note, it's rather disturbing to see such trivial, but important, bugs
get ignored for 1.5 years.

Comment 4 Matthew Miller 2006-06-30 03:18:34 UTC
Damian -- I agree it's a bit disturbing. Since this is a security issue, this
probably should have been moved to Fedora Legacy last April. I'm moving it there
now, where someone will evaluate further.

And in the current release of this package, the file *is* created with mode 600,
so the problem is indeed really fixed moving forward.


Note You need to log in before you can comment on or make changes to this bug.