
Bug 458018

Summary: net-dns/pdns need more strict permissions for pdns.conf (security threat)
Product: Gentoo Linux
Reporter: Marios Andreopoulos <opensource>
Component: [OLD] Server
Assignee: Sven Wegener <swegener>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Marios Andreopoulos 2013-02-17 18:20:58 UTC
PowerDNS' configuration file is /etc/powerdns/pdns.conf.

It is expected for the user to enter sensitive information in this file, like his MySQL credentials for the database where he keeps his DNS entries.

This file has 644 permissions. I suggest to alter them to 640 or even 600.

Currently any user of the system can get your MySQL credentials and alter your DNS entries.


Reproducible: Always

Steps to Reproduce:
1. emerge net-dns/pdns
2. ls -l /etc/powerdns/pdns.conf 
 
Actual Results:  
-rw-r--r-- 1 root root 10020 Feb 17 08:39 /etc/powerdns/pdns.conf

Expected Results:  
-rw------- 1 root root 10020 Feb 17 08:39 /etc/powerdns/pdns.conf

Comment 1 Markos Chandras (RETIRED) gentoo-dev 2013-10-17 07:18:34 UTC
  23 May 2013; Tiziano Müller <dev-zero@gentoo.org> pdns-3.2.ebuild:
  Fix dependencies for USE=static and add pkg_postinst functionality to fix
  permissions on /etc/pdns (bug #458018), as discussed with swegener.

I guess someone forgot to close the bug.
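
A check for the condition reported in this bug, as an added example that is not part of the bug thread or the ebuild: it flags a config file that any local user can access, distinguishes the case where the file actually holds a backend password, and tightens the mode to 640 or 600 as the report suggests. The function names are hypothetical, and the demo runs against a constructed temporary file with a constructed `gmysql-password` value rather than the real /etc/powerdns/pdns.conf.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of a PowerDNS-style config file.
# Function names are hypothetical; the demo file and its contents are constructed.

# Succeeds if any "other" permission bit (read, write or execute) is set.
other_can_access() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# Succeeds if an uncommented "<something>password = ..." setting is present,
# e.g. the gmysql backend password.
has_credentials() {
    grep -Eq '^[[:space:]]*[a-z0-9-]*password[[:space:]]*=' "$1"
}

# Prints one verdict: missing | exposed | loose | ok
#   exposed = accessible to all local users AND contains a password setting
#   loose   = accessible to all local users, no password setting found
audit_conf() {
    [ -f "$1" ] || { echo missing; return; }
    if other_can_access "$1"; then
        if has_credentials "$1"; then echo exposed; else echo loose; fi
    else
        echo ok
    fi
}

# Sets the file to 640 (default) or 600 and re-audits; refuses any other mode.
harden_conf() {
    mode=${2:-640}
    case $mode in
        640|600) ;;
        *) echo "refusing mode $mode" >&2; return 2 ;;
    esac
    chmod "$mode" "$1" && [ "$(audit_conf "$1")" = ok ]
}

# Demo on a constructed file that mimics the state shown in "Actual Results".
demo=$(mktemp)
printf 'launch=gmysql\ngmysql-password=constructed-secret\n' > "$demo"
chmod 644 "$demo"
echo "before: $(audit_conf "$demo")"
harden_conf "$demo" 600 && echo "after:  $(audit_conf "$demo")"
rm -f "$demo"
```

With 640 the group owner of the file still has read access, so that mode only helps if the file's group is limited to accounts that should see the credentials.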