| Summary: | =net-wireless/wpa_supplicant has world readable default configuration file | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kobboi <gentoo> |
| Component: | Default Configs | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | major | CC: | alexxy, gurligebis, jacobgodserv |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | B3 [noglsa] | ||
Description
Kobboi
2009-03-27 20:53:33 UTC
wpa_supplicant is running as root, so only root needs to read that file.
I can reproduce this on 0.6.8 (which is not yet in the tree :-)
Same for net-wireless/wpa_supplicant-0.7.2-r3
This file contains keys and passwords. Needs fixing.
Checking the ebuild, something similar to this?
+ # fix rights in etc/asterisk before installing to /etc/asterisk
+ cd "${D}";
+ for confile in etc/asterisk/*.*; do
+ fowners asterisk:asterisk $confile;
+ fperms 0660 $confile;
+ done;
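Review bot: the owner and mode in `fowners asterisk:asterisk $confile` and `fperms 0660 $confile` are specific to asterisk and should not be carried over as they stand. The report says wpa_supplicant runs as root and only root needs to read the file, so the wpa_supplicant equivalent should leave the file owned by root with no group or other access instead of 0660 for a service account. Quote the variable as "${confile}" in both calls so a file name containing whitespace is not split, and note that the `etc/asterisk/*.*` glob skips any file without a dot in its name.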
Passwords are no longer stored in this file so this issue has been mitigated. The conf file is now used as a dbus configuration. Closing as noglsa due to age.