Bug#684964: citadel-server: world writable config file: /etc/citadel/netconfigs/7
On 2012-12-06 14:47, Michael Meskes wrote:
> On Wed, Aug 15, 2012 at 10:14:02AM +0200, Andreas Beckmann wrote:
>> during an experimental test with piuparts I noticed that your package creates a world writable config file:
>>
>>   -rw-rw-rw- 1 citadel root 11 Aug 8 09:45 /etc/citadel/netconfigs/7
>
> Could you please tell us how you created that file? Just installing 8.14-2? Or did you install 8.14-2 over an old version that already had the file? I just purged and re-installed my test installation and cannot see a trace of file.

Doing piuparts tests in any of your scenarios produces that file, fresh installation in minimal lenny, squeeze, wheezy, sid chroots as well as an upgrade to the next distro(s).

In lenny there are even a few more bad permissioned files:

  ERROR: BAD PERMISSIONS
  -rw-rw-rw- 1 citadel root    56 Dec 19 03:15 /etc/citadel/citadel.control
  -rw-rw-rw- 1 citadel root    11 Dec 19 03:14 /etc/citadel/netconfigs/7
  -rw-rw-rw- 1 citadel citadel 32 Dec 19 03:15 /etc/citadel/refcount_adjustments.dat

These survive over an upgrade to squeeze and to wheezy (via squeeze).

Andreas

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#684964: citadel-server: world writable config file: /etc/citadel/netconfigs/7
On Wed, Aug 15, 2012 at 10:14:02AM +0200, Andreas Beckmann wrote:
> during an experimental test with piuparts I noticed that your package creates a world writable config file:
>
>   -rw-rw-rw- 1 citadel root 11 Aug 8 09:45 /etc/citadel/netconfigs/7
>
> The /etc/citadel/netconfigs directory is citadel:root 0700, so the world writable file is not accessible to local users in a default installation (therefore only severity important).

Could you please tell us how you created that file? Just installing 8.14-2? Or did you install 8.14-2 over an old version that already had the file? I just purged and re-installed my test installation and cannot see a trace of file.

Michael

--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
Jabber: michael.meskes at gmail dot com
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL

Bug#684964: citadel-server: world writable config file: /etc/citadel/netconfigs/7
Package: citadel-server
Version: 7.83-2squeeze2
Severity: important
Tags: security
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during an experimental test with piuparts I noticed that your package creates a world writable config file:

  -rw-rw-rw- 1 citadel root 11 Aug 8 09:45 /etc/citadel/netconfigs/7

The /etc/citadel/netconfigs directory is citadel:root 0700, so the world writable file is not accessible to local users in a default installation (therefore only severity important).

Andreas
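
Added example, not part of the thread and not piuparts' own check: a Python audit that lists world-writable regular files under a directory and records whether a restrictive parent directory (such as the 0700 netconfigs directory in the report) shields each one from other local users. The function names and the sample tree are constructed; a 0755 mode on the top-level directory is an assumption.

```python
import os
import stat
import tempfile


def world_writable_files(root):
    """Return sorted (path, reachable) pairs for world-writable regular files.

    reachable is False when some directory between root and the file lacks
    o+x, so "other" users cannot traverse to it despite the 0666 mode.
    Directories above root are assumed traversable.
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        parts = [] if rel == "." else rel.split(os.sep)
        # Every directory from root down to dirpath, inclusive.
        chain = [os.path.join(root, *parts[:i]) for i in range(len(parts) + 1)]
        reachable = all(os.lstat(d).st_mode & stat.S_IXOTH for d in chain)
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IWOTH:
                findings.append((path, reachable))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed tree modelled on the listings in the thread."""
    top = os.path.join(base, "citadel")
    net = os.path.join(top, "netconfigs")
    os.makedirs(net)
    files = {
        os.path.join(net, "7"): 0o666,
        os.path.join(top, "citadel.control"): 0o666,
        os.path.join(top, "not-writable.sample"): 0o644,  # constructed control file
    }
    for path, mode in files.items():
        with open(path, "w") as fh:
            fh.write("constructed\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    os.chmod(top, 0o755)  # assumption: top-level directory is traversable
    os.chmod(net, 0o700)  # matches the citadel:root 0700 directory in the report
    return top


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for path, reachable in world_writable_files(build_sample_tree(base)):
            print("EXPOSED " if reachable else "SHIELDED", path)
```

A file reported as shielded still has the wrong mode; it becomes exposed as soon as the parent directory's permissions are relaxed.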