Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 91467 - dev-libs/libprelude insecure file permission : informations leak
Summary: dev-libs/libprelude insecure file permission : informations leak
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Default Configs (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: [noglsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-05-04 11:44 UTC by eromang
Modified: 2005-05-11 13:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description eromang 2005-05-04 11:44:36 UTC 
Hello;

The /etc/prelude-sensors/sensors-default.conf si world readable

This is not so dangerous, but this is an IDS :)



Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Actual Results:  
This file is world readable

Expected Results:  
This file should not be world readable
Comment 1 Aaron Walker (RETIRED) gentoo-dev 2005-05-07 05:06:19 UTC 
Ok, it looks like 0.9.0_rc2 does not install this file, only 0.8.10.  It's definitely an upstream bug as it's installed via make install.  What perms should it have?

The best we could do is fix it in the ebuild.  This of course would only affect new installs.  Maybe add an ebeep/epause to inform the user if an old world-readable version is present?  Too bad etc-update/dispatch-conf doesn't handle permission changes.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-09 23:12:40 UTC 
Aaron pkg_postinst handles file permissions.
Comment 3 Aaron Walker (RETIRED) gentoo-dev 2005-05-10 06:43:33 UTC 
0.8.10-r1 is in cvs. stable on x86. CC'd archs pls stable.
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2005-05-10 12:40:35 UTC 
sparc stable.
Comment 5 Lars Weiler (RETIRED) gentoo-dev 2005-05-10 16:15:21 UTC 
ppc stable.
Comment 6 Bryan Østergaard (RETIRED) gentoo-dev 2005-05-11 02:40:05 UTC 
Stable on alpha + ia64.
Comment 7 Simon Stelling (RETIRED) gentoo-dev 2005-05-11 08:30:47 UTC 
amd64 done
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-11 13:52:59 UTC 
Thx everyone.