Red Hat Bugzilla – Bug 138268
wvdialconf creates /etc/wvdial.conf with 1204 perms
Last modified: 2007-04-18 13:14:41 EDT
Description of problem: [root@localhost etc]# ls -l wvdial.conf ls: wvdial.conf: No such file or directory [root@localhost etc]# wvdialconf wvdial.conf Scanning your serial ports for a modem. [snip] Found a modem on /dev/ttySL0. wvdial.conf<Warn>: Can't read config file wvdial.conf: No such file or directory Modem configuration written to wvdial.conf. ttySL0<Info>: Speed 460800; init "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0" [root@localhost etc]# ls -l wvdial.conf --w----r-T 1 root root 234 Nov 6 17:28 wvdial.conf Perms should probably be 0600, not 1204 Version-Release number of selected component (if applicable): wvdial-1.53-13
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
With the fix for bug 130622, an empty /etc/wvdial.conf is always created with 644 permissions, so this problem shouldn't occur anymore. Also, the FC2 Legacy comments apply.
Reopening bug, since this is an unacceptable "fix". This file is likely to contain passwords, and therefore should have 600 permissions, as I noted 1.5 years ago. As a side note, it's rather disturbing to see such trivial, but important, bugs get ignored for 1.5 years.
Damian -- I agree it's a bit disturbing. Since this is a security issue, this probably should have been moved to Fedora Legacy last April. I'm moving it there now, where someone will evaluate further. And in the current release of this package, the file *is* created with mode 600, so the problem is indeed really fixed moving forward.