43825 – Permission of /etc/identd.key

Bug 43825 - Permission of /etc/identd.key

Summary: Permission of /etc/identd.key

Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	pidentd
Sub Component:
Version:	7.1
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Trond Eivind Glomsrxd
QA Contact:	Aaron Brown
Docs Contact:
URL:
Whiteboard:
Keywords:	Security
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-06-07 13:06 UTC by Jan "Yenya" Kasprzak
Modified:	2007-03-27 03:45 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2001-06-07 13:06:08 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jan "Yenya" Kasprzak 2001-06-07 13:06:06 UTC

In Red Hat Linux 7.1, the /etc/identd.key is created
by /etc/rc.d/init.d/identd with owner and group of "identd",
and permission bits are set to 0600. From the security
point of view it would be better to have /etc/identd.key
owned by user root, group identd, and permission 0640.
With these permissions, even when the remote exploit
is found in identd, it cannot be used to modify the key file.

Even better solution would be to have /etc/identd.key
owned by user root, group root and permission 0600.
The current identd reads the key _before_ setuid(identd)
and setgid(identd) is called.

-Yenya

Comment 1 Trond Eivind Glomsrxd 2001-06-07 21:35:34 UTC

pidentd-3.0.12-6 has ownership root.root - thanks for your feedback.

Note You need to log in before you can comment on or make changes to this bug.