[Bug 174997] Re: World-readable config file is insecure

ddns3-client (1.8-11) * /etc/default/ddns3-client made readable by root only in debian/postinst -- Ian Maclaine-cross Wed, 16 Nov 2011 18:01:04 +1100 ** Changed in: ddns3-client (Ubuntu) Status: Confirmed => Fix Released ** Changed in: ddns3-client (Ubuntu)

[Bug 174997] Re: World-readable config file is insecure

Confirmed in 10.10 too. -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/174997 Title: World-readable config file is insecure -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com

[Bug 174997] Re: World-readable config file is insecure

Confirmed in 8.04, 8.10, 9.04(, and Debian unstable). However, in the source package, debian/README.Debian clearly states that you (as a privileged user) should chmod 600 /etc/default/ddns3-client to protect your password. We could work around this issue by creating a debian/postinst to

[Bug 174997] Re: World-readable config file is insecure

Can we not simply change the file's permissions in the .deb's internal tar archive? I recall testing other Ubuntu DDNS clients when I found this bug and others did _not_ have an analogous problem, so they must have found a decent solution. -- World-readable config file is insecure

Re: [Bug 174997] Re: World-readable config file is insecure

On 11/17/2008 08:54 PM, Tristan Schmelcher wrote: Can we not simply change the file's permissions in the .deb's internal tar archive? I recall testing other Ubuntu DDNS clients when I found this bug and others did _not_ have an analogous problem, so they must have found a decent solution.

[Bug 174997] Re: World-readable config file is insecure

** Visibility changed to: Public -- World-readable config file is insecure https://bugs.launchpad.net/bugs/174997 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com