Your message dated Tue, 19 Oct 2021 10:35:16 +0000
with message-id <[email protected]>
and subject line Bug#902022: fixed in knockd 0.8-1
has caused the Debian Bug report #902022,
regarding knockd: Insecure file permissions for /etc/knockd.conf
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
902022: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902022
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: knockd
Version: 0.7-1
Severity: normal
Dear Maintainer,
after installation of knockd on Debian I discovered that /etc/knockd.conf
has a file permission of 644. This means the secret port knocking sequence
is readable for all system users.
Additionally, if an attacker can get read access to files (due to a flaw in
a web app, i.e.) he can read the sequences and associated commands as well.
On Ubuntu 16.04 the file permission of /etc/knockd.conf is 640 after
installation. I would expect the same or 600 on Debian.
Please check and fix if appropriate.
Best regards from Germany
Tom Gries
-- System Information:
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: kali-rolling
Codename: kali-rolling
Architecture: x86_64
Kernel: Linux 4.13.0-kali1-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages knockd depends on:
ii libc6 2.25-3
ii libpcap0.8 1.8.1-5
ii logrotate 3.11.0-0.1
ii lsb-base 9.20170808
knockd recommends no packages.
knockd suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: knockd
Source-Version: 0.8-1
Done: Leo Antunes <[email protected]>
We believe that the bug you reported is fixed in the latest version of
knockd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Leo Antunes <[email protected]> (supplier of updated knockd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 19 Oct 2021 12:10:26 +0200
Source: knockd
Binary: knockd knockd-dbgsym
Architecture: source amd64
Version: 0.8-1
Distribution: unstable
Urgency: medium
Maintainer: Leo Antunes <[email protected]>
Changed-By: Leo Antunes <[email protected]>
Description:
knockd - small port-knock daemon
Closes: 868015 902022
Changes:
knockd (0.8-1) unstable; urgency=medium
.
[ Ondřej Nový ]
* d/changelog: Remove trailing whitespaces
* d/control: Remove trailing whitespaces
* d/control: Fix wrong Vcs-*
.
[ Leo Antunes ]
* [ab774823] debian: update VCS fields
* [6cf96b87] debian: bump to up-to-date formats overall
* [74aada02] New upstream version 0.8
* [75a1e52e] debian: add gbp.conf
* [15d6b105] drop reap_child_procs.patch (merged upstream)
* [3ef12dba] update patches for improved DEP3
* [e87735fc] d.knockd.service: ensure service is enabled (Closes: #868015)
* [07da25fb] d/upstream/metadata: add
* [bfe2e959] d/rules: remove old dh options
* [3009b440] d/control: remove unnecessary deps
* [a626515f] d/rules: fix permissions for /etc/knockd.conf (Closes: #902022)
* [614debf1] d/control: use HTTPS for Vcs-Git URL
* [ca7bf832] d/knockd.service: only start when online
* [7495e2b1] d/patches: fix manpage to match debian config
* [e09f46d2] d/copyright: add missing license block
* [e10d4e01] d/control: switch from d/compat to debhelper-compat dep
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQP0Ug7DX3DfbNxVWps7VcvBNUVqAUCYW6bJwAKCRBs7VcvBNUV
qKC1AQCP1FIN6wAsgnwd0PlPNLahl9BdqFcV+ZToRxBc7aNm0AEAh00D2bnsH86A
XWDjfdQnLYV2R8O+yfp0RhukABkSfwc=
=grSc
-----END PGP SIGNATURE-----
--- End Message ---
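The permission problem reported above (mode 644 where 640 or 600 was expected) can be checked on an installed system with a short audit. This is an added example, not code from the knockd package or its Debian packaging; the function names are hypothetical, GNU stat is assumed, and the sample configuration is a constructed stand-in for /etc/knockd.conf.

```shell
#!/bin/sh
# Added example (not from the knockd package). Assumes GNU stat from coreutils.

# Print the octal permission bits of a file, e.g. 644.
conf_mode() {
    stat -c '%a' "$1"
}

# Return 0 if the file is closed to "other" and not group-writable,
# 1 if it is too permissive, 2 if it cannot be inspected.
audit_conf() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 2; }
    mode=$(conf_mode "$1") || return 2
    bits=$((0$mode))                      # parse the mode string as octal
    if [ $((bits & 7)) -ne 0 ]; then      # any r/w/x bit set for "other"
        echo "FAIL     $1 mode $mode: accessible to all system users"
        return 1
    fi
    if [ $((bits & 16)) -ne 0 ]; then     # 16 decimal = 020 octal, group write
        echo "FAIL     $1 mode $mode: group-writable"
        return 1
    fi
    echo "OK       $1 mode $mode"
}

# Tighten the file to MODE (default 640) only when the audit fails.
harden_conf() {
    audit_conf "$1" >/dev/null && return 0
    [ -f "$1" ] || return 2
    chmod "${2:-640}" "$1"
}

# Constructed stand-in for /etc/knockd.conf, created world-readable (644).
demo_conf=$(mktemp)
cat >"$demo_conf" <<'EOF'
[openSSH]
    sequence    = 7000,8000,9000
    seq_timeout = 5
    command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
EOF
chmod 644 "$demo_conf"

audit_conf "$demo_conf" || true      # reports FAIL for mode 644
harden_conf "$demo_conf"
audit_conf "$demo_conf" || true      # reports OK for mode 640
rm -f "$demo_conf"
```

On a real host, run `audit_conf /etc/knockd.conf` as root after upgrading to confirm the packaged mode; a file edited or restored from backup keeps whatever mode it was given.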