272390 – Request for restricted permissions on configuration files for sys-apps/xinetd

Bug 272390 - Request for restricted permissions on configuration files for sys-apps/xinetd

Summary: Request for restricted permissions on configuration files for sys-apps/xinetd

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High enhancement
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-06-03 09:05 UTC by montjoie
Modified:	2009-06-08 13:40 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description montjoie 2009-06-03 09:05:11 UTC

Enhancement of instalation of sys-apps/xinetd:
-minimal installation (no chargen, no daytime etc..) (a USEflag minimal ?)
-restricted rigths by default (umask 027)

Reproducible: Always

Actual Results:  
ls -lr /etc/xinetd.*
-rw-r--r--. 1 root root 1010 Mar 13 19:26 /etc/xinetd.conf

/etc/xinetd.d:
total 112
-rw-r--r--. 1 root root 1150 Mar 13 19:26 time-stream
-rw-r--r--. 1 root root 1149 Mar 13 19:26 time-dgram
-rw-r--r--. 1 root root  205 Apr 13 11:30 telnetd
-rw-r--r--. 1 root root 1212 Mar 13 19:26 tcpmux-server
-rw-r--r--. 1 root root 1356 Mar 13 19:26 ftp-sensor
-rw-r--r--. 1 root root 1150 Mar 13 19:26 echo-stream
-rw-r--r--. 1 root root 1148 Mar 13 19:26 echo-dgram
-rw-r--r--. 1 root root 1159 Mar 13 19:26 discard-stream
-rw-r--r--. 1 root root 1157 Mar 13 19:26 discard-dgram
-rw-r--r--. 1 root root 1159 Mar 13 19:26 daytime-stream
-rw-r--r--. 1 root root 1157 Mar 13 19:26 daytime-dgram
-rw-r--r--. 1 root root 1159 Mar 13 19:26 chargen-stream
-rw-r--r--. 1 root root 1157 Mar 13 19:26 chargen-dgram

drwxr-xr--. 2 root root 4096 Apr 13 11:30 /etc/xinetd.d/

Expected Results:  
ls -lr /etc/xinetd.*
-rw-r-----. 1 root root 1010 Mar 13 19:26 /etc/xinetd.conf

/etc/xinetd.d:

drwxr-x---. 2 root root 4096 Apr 13 11:30 /etc/xinetd.d/

Comment 1 Mike Auty (RETIRED) gentoo-dev

2009-06-06 17:50:02 UTC

That's two requests at one, so I'm going to use the one you've provided the most information about (settings more restrictive permissions on the xinetd configuration files).  I'll leave it up to the maintainers as to whether they want to deal with your minimal installation request here, or in a separate bug...

Comment 2 SpanKY gentoo-dev

2009-06-06 21:29:29 UTC

i dont see any value in either of these things

Comment 3 montjoie 2009-06-08 07:23:16 UTC

Before /etc/xinetd.conf is 644 after it must be 640
Before /etc/xinetd.d/* is 644 after it must be 640

I will open a second bug for the minimal use flag (273145)

Comment 4 SpanKY gentoo-dev

2009-06-08 10:27:21 UTC

stating the perms you desire doesnt explain why you think they should be that way in the first place.  there is no sensitive information in any of these configuration files that would warrant locking them down.

Comment 5 montjoie 2009-06-08 11:24:02 UTC

By principle, only root must known what are enabled/disabled.

It's not because the informations is not sensitive that it should not be hided.

Comment 6 SpanKY gentoo-dev

2009-06-08 12:32:13 UTC

that's not a very compelling reason at all, plus xinetd.conf doesnt cover service enablement in the first place

Comment 7 montjoie 2009-06-08 13:40:52 UTC

And for the /etc/xinitd.d directory ?