955384 – Default permissions of /etc/prosody/* are weak

Bug 955384 - Default permissions of /etc/prosody/* are weak

Summary: Default permissions of /etc/prosody/* are weak

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	prosody
Sub Component:
Version:	el6
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Johan Cwiklinski
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	955780
TreeView+	depends on / blocked

Reported:	2013-04-22 23:36 UTC by Robert Scheck
Modified:	2013-10-02 06:52 UTC (History)
CC List:	3 users (show)
Fixed In Version:	prosody-0.8.2-10.fc19
Clone Of:
Environment:
Last Closed:	2013-05-15 19:43:52 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
Patch suggestion for prosody.spec to harden /etc/prosody/* (1020 bytes, patch) 2013-04-22 23:38 UTC, Robert Scheck	no flags	Details \| Diff
View All

Description Robert Scheck 2013-04-22 23:36:59 UTC

Description of problem:
The default permissions of /etc/prosody/* are weak. If I would put any of
my database connection data into the default configuration file (which is
expected) then these login credentials could be read by everybody on this
local system.

Version-Release number of selected component (if applicable):
prosody-0.8.2-5.el6.x86_64

How reproducible:
Everytime, just set up a plain prosody and have a look to the permissions.

Actual results:
The default permissions of /etc/prosody/* are weak.

Expected results:
More hardend default permissions of /etc/prosody/*.

Additional info:
This issue affects all Fedora and EPEL branches! Please apply the attached
patch or better.

Comment 1 Robert Scheck 2013-04-22 23:38:22 UTC

Created attachment 738726 [details]
Patch suggestion for prosody.spec to harden /etc/prosody/*

Comment 2 Fedora Update System 2013-04-27 22:44:50 UTC

prosody-0.8.2-8.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/prosody-0.8.2-8.fc18

Comment 3 Fedora Update System 2013-04-27 22:45:14 UTC

prosody-0.8.2-6.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/prosody-0.8.2-6.el6

Comment 4 Fedora Update System 2013-04-27 22:45:39 UTC

prosody-0.8.2-6.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/prosody-0.8.2-6.fc17

Comment 5 Fedora Update System 2013-04-27 22:56:08 UTC

prosody-0.8.2-9.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/prosody-0.8.2-9.el5

Comment 6 Fedora Update System 2013-04-28 18:31:38 UTC

prosody-0.8.2-9.el5 has been pushed to the Fedora EPEL 5 testing repository.

Comment 7 Fedora Update System 2013-05-15 19:43:52 UTC

prosody-0.8.2-9.el5 has been pushed to the Fedora EPEL 5 stable repository.

Comment 8 Fedora Update System 2013-05-29 17:33:34 UTC

prosody-0.8.2-6.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2013-05-30 03:02:15 UTC

prosody-0.8.2-8.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2013-05-30 03:07:41 UTC

prosody-0.8.2-6.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2013-09-18 21:32:21 UTC

prosody-0.8.2-10.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/prosody-0.8.2-10.fc19

Comment 12 Fedora Update System 2013-10-02 06:52:31 UTC

prosody-0.8.2-10.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.