Bug 458018 - net-dns/pdns need more strict permissions for pdns.conf (security threat)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All Linux
Importance: Normal normal
Assignee: Sven Wegener
Reported: 2013-02-17 18:20 UTC by Marios Andreopoulos
Modified: 2013-10-17 07:18 UTC

Description Marios Andreopoulos 2013-02-17 18:20:58 UTC
PowerDNS' configuration file is /etc/powerdns/pdns.conf.

It is expected for the user to enter sensitive information in this file, like his MySQL credentials for the database where he keeps his DNS entries.

This file has 644 permissions. I suggest altering them to 640 or even 600.

Currently any user of the system can get your MySQL credentials and alter your DNS entries.


Reproducible: Always

Steps to Reproduce:
1. emerge net-dns/pdns
2. ls -l /etc/powerdns/pdns.conf 
 
Actual Results:  
-rw-r--r-- 1 root root 10020 Feb 17 08:39 /etc/powerdns/pdns.conf

Expected Results:  
-rw------- 1 root root 10020 Feb 17 08:39 /etc/powerdns/pdns.conf
Comment 1 Markos Chandras (RETIRED) gentoo-dev 2013-10-17 07:18:34 UTC
  23 May 2013; Tiziano Müller <dev-zero@gentoo.org> pdns-3.2.ebuild:
  Fix dependencies for USE=static and add pkg_postinst functionality to fix
  permissions on /etc/pdns (bug #458018), as discussed with swegener.

I guess someone forgot to close the bug.
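
The exposure described in the report and the two tighter modes it proposes, as an added shell example that is not part of the bug report or the ebuild. The helper names are hypothetical, the sample file is constructed in a temporary directory, and `gmysql-password` stands in for the kind of credential setting the reporter mentions.

```shell
#!/bin/sh
# Added example: audit a config file for world-readable credentials, then tighten it.

# Print the mode string as ls shows it, e.g. "-rw-r--r--".
mode_of() { ls -ld "$1" | cut -c1-10; }

# "ok"       : others have no read bit
# "exposed"  : others can read it and it holds an uncommented *password= setting
# "readable" : others can read it, no such setting found
audit_conf() {
    if [ -z "$(find "$1" -prune -perm -004 -print)" ]; then
        echo ok
    elif grep -Eq '^[[:space:]]*[A-Za-z0-9-]*password[[:space:]]*=' "$1"; then
        echo exposed
    else
        echo readable
    fi
}

# Tighten to 640 (default) or 600, the two modes proposed in the report.
# Any other mode is refused so the helper can never loosen a file.
tighten_conf() {
    case "${2:-640}" in
        640|600) chmod "${2:-640}" "$1" ;;
        *) echo "refusing mode $2" >&2; return 1 ;;
    esac
}

# Constructed sample standing in for /etc/powerdns/pdns.conf (values are placeholders).
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'launch=gmysql' 'gmysql-user=pdns' \
        'gmysql-password=constructed-placeholder' > "$dir/pdns.conf"
    chmod 644 "$dir/pdns.conf"
    echo "$dir/pdns.conf"
}

sample=$(make_sample)
echo "before: $(mode_of "$sample") $(audit_conf "$sample")"
tighten_conf "$sample" 600
echo "after:  $(mode_of "$sample") $(audit_conf "$sample")"
rm -rf "$(dirname "$sample")"
```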