Description of Problem:
The zebra config files should not be readable by the world, as they may contain passwords for changing the routing configuration. Note that /etc/zebra itself has mode 750, so there is no immediate danger, but it would be better to change this a.s.a.p., I think.

Version-Release number of selected component (if applicable):
0.93a-1
Well, I shouldn't conclude too quickly ;-), I now see the config files are only ghost files. But, still, %attr(640,root,root) should be added for the *.conf files, as now "rpm -V" reports a mode problem (the %post script *does* use mode 640 for the config files it creates) and it won't do that when a file is readable for the world, which is a potential risk. Furthermore, why not just add empty config files to the package i.s.o. including them as %ghost files? Maybe the init scripts can be adapted so the -f test is replaced by a -s test, to force the service to be configured first.
Created attachment 71567: Patch for spec file to change mode of %ghost config files.
0.93a-2
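A check for the two conditions raised in this report, as an added example that is not part of the zebra package or the attached patch: it lists `*.conf` files that grant any access to "other", and shows how a `-s` test rejects an empty placeholder file that a `-f` test would accept. The function names, the scratch directory and the sample file contents are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example; not part of the zebra package or its spec file.

# Print every *.conf under directory $1 that grants any permission
# (read, write or execute) to "other".
world_accessible_confs() {
    find "$1" -type f -name '*.conf' \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Succeeds only if no config file under $1 is accessible to "other".
audit_conf_dir() {
    bad=$(world_accessible_confs "$1")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/mode too open: /' >&2
    return 1
}

# The gate suggested for the init script: -f accepts an empty placeholder
# file, -s requires the file to exist and be non-empty.
is_configured() {
    [ -s "$1" ]
}

# Constructed demo data in a scratch directory (hypothetical layout).
demo=$(mktemp -d)
printf 'password CONSTRUCTED-EXAMPLE\n' > "$demo/zebra.conf"
chmod 644 "$demo/zebra.conf"            # world-readable: should be flagged
printf 'password CONSTRUCTED-EXAMPLE\n' > "$demo/ospfd.conf"
chmod 640 "$demo/ospfd.conf"            # mode used by the %post script
: > "$demo/ripd.conf"                   # empty placeholder file
chmod 640 "$demo/ripd.conf"

audit_conf_dir "$demo" || echo "audit failed, tightening modes"
chmod 640 "$demo"/*.conf
audit_conf_dir "$demo" && echo "audit clean"
for f in "$demo"/*.conf; do
    if is_configured "$f"; then echo "$f: configured"
    else echo "$f: empty, refuse to start"; fi
done
rm -rf "$demo"
```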