Red Hat Bugzilla – Bug 71923
Zebra config files should not be readable by everyone
Last modified: 2008-05-01 11:38:03 EDT
Description of Problem:
The zebra config files should not be readable by the world, as they may contain
passwords for changing the routing configuration. Note that /etc/zebra itself
has mode 750, so there is no immediate danger, but it can better be changed
a.s.a.p., I think.
Version-Release number of selected component (if applicable):
Well, I shouldn't conclude too quickly ;-), I now see the config files are only
But, still, %attr(640,root,root) should be added for the *.conf files, as now
"rpm -V" reports a mode problem (the %post script *does* use mode 640 for the
config files it creates) and it won't do that when a file is readable for the
world, which is a potential risk.
Furthermore, why not just add empty config files to the package i.s.o. including
them as %ghost files? Maybe the init scripts can be adapted so the -f test is
replaced by a -s test, to force the service to be configured first.
Created attachment 71567
Patch for spec file to change mode of %ghost config files.
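
The two checks raised in this report (config files readable by "other", and an init-script gate using -s rather than -f), as an added shell example that is not part of the original bug or of the zebra package. The function names and the constructed sample directory are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the package's own scripts. Function names are hypothetical.

# Print every *.conf under directory $1 that "other" can read (mode bit 004).
# Returns 1 if at least one such file exists, 0 if none do.
world_readable_confs() {
    found=$(find "$1" -type f -name '*.conf' -perm -004 2>/dev/null)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Init-script gate: -f is satisfied by an empty placeholder file, while -s
# requires content, so a daemon that was never configured is not started.
is_configured() {
    [ -s "$1" ]
}

# Tighten offending files to 640, the mode the report says %post already uses.
fix_conf_modes() {
    find "$1" -type f -name '*.conf' -perm -004 -exec chmod 640 {} +
}

# Constructed sample: one world-readable config with a password line and
# one empty placeholder that already has mode 640. Prints the directory.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'password example\n' > "$d/zebra.conf" && chmod 644 "$d/zebra.conf"
    : > "$d/ospfd.conf" && chmod 640 "$d/ospfd.conf"
    printf '%s\n' "$d"
}

# When given a directory argument, report and suggest the fix.
if [ "$#" -gt 0 ]; then
    world_readable_confs "$1" || echo "fix with: chmod 640 on the files above"
fi
```

On an installed system, `rpm -V` on the package reports the same mode drift once the spec declares the files with `%attr(640,root,root)`.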