Bug 71923 - Zebra config files should not be readable by everyone
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: zebra
Version: null
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Elliot Lee
Reported: 2002-08-20 08:43 UTC by Jos Vos
Modified: 2008-05-01 15:38 UTC (History)
Last Closed: 2002-08-20 09:40:18 UTC

Attachments
Patch for spec file to change mode of %ghost config files. (880 bytes, patch)
2002-08-20 09:40 UTC, Jos Vos

Description Jos Vos 2002-08-20 08:43:35 UTC
Description of Problem:
The zebra config files should not be readable by the world, as they may contain
passwords for changing the routing configuration.  Note that /etc/zebra itself
has mode 750, so there is no immediate danger, but it can better be changed
a.s.a.p., I think.

Version-Release number of selected component (if applicable):
0.93a-1

Comment 1 Jos Vos 2002-08-20 09:19:45 UTC
Well, I shouldn't conclude too quickly ;-), I now see the config files are only
ghost files.

But, still, %attr(640,root,root) should be added for the *.conf files, as now
"rpm -V" reports a mode problem (the %post script *does* use mode 640 for the
config files it creates) and it won't do that when a file is readable for the
world, which is a potential risk.

Furthermore, why not just add empty config files to the package i.s.o. including
them as %ghost files? Maybe the init scripts can be adapted so the -f test is
replaced by a -s test, to force the service to be configured first.
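
The two checks discussed in Comment 1, as an added shell example that is not part of the bug report or the zebra package: finding *.conf files whose mode is looser than 640, and the -s test that treats an empty config file as unconfigured. The function names and the sample directory are assumptions, and GNU find is assumed for -maxdepth and -perm /MODE.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the zebra package.
# Assumes GNU find (-maxdepth, -perm /MODE).

# List *.conf files directly under $1 with any permission bit beyond 640:
# owner execute (100), group write/execute (030), anything for others (007).
conf_mode_violations() {
    find "$1" -maxdepth 1 -type f -name '*.conf' -perm /137 -print
}

# Reset each violating file to 640, the mode the bug says %post uses.
fix_conf_modes() {
    conf_mode_violations "$1" | while IFS= read -r f; do
        chmod 640 "$f"
    done
}

# The -s test from Comment 1: true only if the file exists and is non-empty,
# so an empty packaged placeholder counts as "not configured yet".
conf_is_configured() {
    [ -s "$1" ]
}

# Demo on a constructed directory (not a real /etc/zebra).
demo() {
    d=$(mktemp -d) || return 1
    printf 'password EXAMPLE\n' > "$d/zebra.conf"   # constructed content
    chmod 644 "$d/zebra.conf"                       # world-readable: flagged
    : > "$d/ospfd.conf"                             # empty placeholder
    chmod 640 "$d/ospfd.conf"
    echo "too permissive:"; conf_mode_violations "$d"
    fix_conf_modes "$d"
    echo "after fix: $(conf_mode_violations "$d" | wc -l) violation(s)"
    for f in "$d"/*.conf; do
        if conf_is_configured "$f"; then echo "$f: configured"
        else echo "$f: empty, service should not start"; fi
    done
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```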

Comment 2 Jos Vos 2002-08-20 09:40:14 UTC
Created attachment 71567
Patch for spec file to change mode of %ghost config files.

Comment 3 Elliot Lee 2002-08-26 15:11:15 UTC
0.93a-2

