Bug 71923 - Zebra config files should not be readable by everyone
Zebra config files should not be readable by everyone
Product: Red Hat Public Beta
Classification: Retired
Component: zebra (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Elliot Lee
Depends On:
  Show dependency treegraph
Reported: 2002-08-20 04:43 EDT by Jos Vos
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-08-20 05:40:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch for spec file to change mode of %ghost config files. (880 bytes, patch)
2002-08-20 05:40 EDT, Jos Vos
no flags Details | Diff

  None (edit)
Description Jos Vos 2002-08-20 04:43:35 EDT
Description of Problem:
The zebra config files should not be readable by the world, as they may contain
passwords for changing the routing configuration.  Note that /etc/zebra itself
has mode 750, so there is no immediate danger, but it can better be changed
a.s.a.p., I think.

Version-Release number of selected component (if applicable):
Comment 1 Jos Vos 2002-08-20 05:19:45 EDT
Well, I shouldn't conclude too quickly ;-), I now see the config files are only
ghost files.

But, still, %attr(640,root,root) should be added for the *.conf files, as now
"rpm -V" reports a mode problem (the %post script *does* use mode 640 for the
config files it creates) and it won't do that when a file is readable for the
world, which is a potential risk.

Furthermore, why not just add empty config files to the package i.s.o. including
them as %ghost files? Maybe the init scripts can be adapted so the -f test is
replaced by a -s test, to force the service to be configured first.
Comment 2 Jos Vos 2002-08-20 05:40:14 EDT
Created attachment 71567 [details]
Patch for spec file to change mode of %ghost config files.
Comment 3 Elliot Lee 2002-08-26 11:11:15 EDT

Note You need to log in before you can comment on or make changes to this bug.