ddns3-client (1.8-11)
* /etc/default/ddns3-client made readable by root only in debian/postinst
-- Ian Maclaine-cross Wed, 16 Nov 2011 18:01:04 +1100
** Changed in: ddns3-client (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: ddns3-client (Ubuntu)
Confirmed in 10.10 too.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/174997
Title:
World-readable config file is insecure
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
Confirmed in 8.04, 8.10, 9.04(, and Debian unstable). However, in the
source package, debian/README.Debian clearly states that you (as a
privileged user) should chmod 600 /etc/default/ddns3-client to protect
your password.
We could work around this issue by creating a debian/postinst to
Can we not simply change the file's permissions in the .deb's internal
tar archive? I recall testing other Ubuntu DDNS clients when I found
this bug and others did _not_ have an analogous problem, so they must
have found a decent solution.
--
World-readable config file is insecure
On 11/17/2008 08:54 PM, Tristan Schmelcher wrote:
Can we not simply change the file's permissions in the .deb's internal
tar archive? I recall testing other Ubuntu DDNS clients when I found
this bug and others did _not_ have an analogous problem, so they must
have found a decent solution.
** Visibility changed to: Public
--
World-readable config file is insecure
https://bugs.launchpad.net/bugs/174997
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com