1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#266924: libpam-radius-auth: permissions for config file are wrong

    From Fabio Massimo Di Nitto@1:229/2 to Michael Stone on Fri Aug 20 11:30:15 2004
    From: [email protected]

    Hi Michael,

    On Thu, 19 Aug 2004, Michael Stone wrote:

    Package: libpam-radius-auth
    Severity: critical
    Tags: security
    Justification: root security hole

    The permissions on the config file containing the radius shared secret
    are world readable...

    The package should install the file 0600 and, to fix this, change the permissions in the preinst if there is an existing world-readable file.

    As long as updates are being made, it would be nice if the comments
    didn't refer to an incorrect filename.

    thanks for noticing the problem. Please feel free to NMU, because i am traveling and i won't be able to upload a tested fix before monday, and definetely i don't like to do blind untested uploads.

    Fabio

    --
    <user> fajita: step one
    <fajita> Whatever the problem, step one is always to look in the error log. <user> fajita: step two
    <fajita> When in danger or in doubt, step two is to scream and shout.


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)