Gentoo Bug 91467 - dev-libs/libprelude insecure file permission : informations leak

First Last Prev Next No search results available Search page Enter new bug

Bug#:	91467
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	eromang <eromang@zataz.net>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 91467 depends on:			Show dependency tree
Bug 91467 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-05-04 11:44 0000

Hello;

The /etc/prelude-sensors/sensors-default.conf si world readable

This is not so dangerous, but this is an IDS :)



Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Actual Results:  
This file is world readable

Expected Results:  
This file should not be world readable

------- Comment #1 From Aaron Walker (RETIRED) 2005-05-07 05:06:19 0000 -------

Ok, it looks like 0.9.0_rc2 does not install this file, only 0.8.10.  It's
definitely an upstream bug as it's installed via make install.  What perms
should it have?

The best we could do is fix it in the ebuild.  This of course would only affect
new installs.  Maybe add an ebeep/epause to inform the user if an old
world-readable version is present?  Too bad etc-update/dispatch-conf doesn't
handle permission changes.

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-05-09 23:12:40 0000 -------

Aaron pkg_postinst handles file permissions.

------- Comment #3 From Aaron Walker (RETIRED) 2005-05-10 06:43:33 0000 -------

0.8.10-r1 is in cvs. stable on x86. CC'd archs pls stable.

------- Comment #4 From Gustavo Zacarias (RETIRED) 2005-05-10 12:40:35 0000 -------

sparc stable.

------- Comment #5 From Lars Weiler (RETIRED) 2005-05-10 16:15:21 0000 -------

ppc stable.

------- Comment #6 From Bryan Østergaard (RETIRED) 2005-05-11 02:40:05 0000 -------

Stable on alpha + ia64.

------- Comment #7 From Simon Stelling (RETIRED) 2005-05-11 08:30:47 0000 -------

amd64 done

------- Comment #8 From Sune Kloppenborg Jeppesen 2005-05-11 13:52:59 0000 -------

Thx everyone.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 91467

dev-libs/libprelude insecure file permission : informations leak

Last modified: 2005-05-11 13:52:59 0000