[Bug 642231] New: permissions are too permissive by far for /etc/sysconfig/network/ifcfg-*
https://bugzilla.novell.com/show_bug.cgi?id=642231

https://bugzilla.novell.com/show_bug.cgi?id=642231#c0

Summary: permissions are too permissive by far for /etc/sysconfig/network/ifcfg-*
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: Other
OS/Version: openSUSE 11.3
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: dieter.jurzitza@t-online.de
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.6) Gecko/20100626 SUSE/3.6.6-1.1 Firefox/3.6.6

The permissions of the files above default to root.root 0644, which is very bad IMHO. Given ifcfg-eth1 would be a wireless lan card, the password can be found without encryption in this file - world readable. This should not be the case IMHO and is a severe security violation. Please fix ASAP. The permissions ought to be 0400 with root.root, nothing else.

Reproducible: Always

Steps to Reproduce:
1. Configure wireless card from within yast
2. check the permissions of /etc/sysconfig/network/ifcfg-*
3. should not be the case

Actual Results: see above

Expected Results: secure permission settings

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c1
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c2
--- Comment #2 from Dieter Jurzitza
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c3
--- Comment #3 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c4
--- Comment #4 from Marius Tomaschewski
> Well, at home I took a look into my openSUSE 11.1, there the wlan interface is called "ath" rather than "eth"

In case of wlan interfaces it may be "wlan", "eth", or also "ath", "ra", ... The name depends on the driver in the kernel, that assigns the interface names. There are different drivers on 11.1 (ath_pci) and 11.3 (ath5k or ath9k)...

You can rename it adopting the /etc/udev/rules.d/70-persistent-net.rules file (that matches the hardware and assigns a persistent interface name for it). See also /lib/udev/rules.d/75-persistent-net-generator.rules - AFAIR default is to use same name base as the driver.
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c5
--- Comment #5 from Dieter Jurzitza
> You can rename it adopting the /etc/udev/rules.d/70-persistent-net.rules file (that matches the hardware and assigns a persistent interface name for it). See also /lib/udev/rules.d/75-persistent-net-generator.rules - AFAIR default is to use same name base as the driver.

I know. This is not the point here - just wanted to mention.

The "good" solution would be to do something as suggested in #3, basically generate a new /etc/lanpasswd (wherever, whatever name ...) similar to /etc/passwd and put such information there - with an appropriate encryption mechanism.

The quick fix IMHO would be to add a chmod 0400 / chown root.root for each and every ifcfg-** - file into yast - that _should_ be done to 11.3 at least because this fix is a showstopper for me - given this, wireless passwords are just for fun.

Thank you for looking into this

Dieter Jurzitza
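The check and quick fix discussed in this report, as an added example that is not part of the bug thread or of YaST: a shell function that lists every ifcfg-* file with group or other permission bits set, marks the ones that hold a wireless key, and with `--fix` applies the 0400 mode proposed above. The function name `audit_ifcfg` and the variable names `WIRELESS_WPA_PSK`, `WIRELESS_WPA_PASSWORD` and `WIRELESS_KEY*` are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: audit ifcfg-* permissions (needs GNU stat for `stat -c`).
# Assumed names of ifcfg variables that carry wireless secrets.
SECRET_RE='^[[:space:]]*WIRELESS_(KEY(_[0-9])?|WPA_PSK|WPA_PASSWORD)='

# audit_ifcfg [--fix] [DIR]
# Prints one line per file that group or others can access:
#   SECRET mode=<octal> <path>   file holds a wireless key or passphrase
#   info mode=<octal> <path>     no key variable found, still too open
# With --fix each reported file is set to 0400. Returns 0 only if nothing
# was reported.
audit_ifcfg() {
    fix=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    dir=${1:-/etc/sysconfig/network}
    findings=0
    for f in "$dir"/ifcfg-*; do
        # Skip an unmatched glob, directories, and symlinks (chmod would
        # follow a link and change its target).
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        mode=$(stat -c '%a' "$f") || continue
        case $mode in
            *00|0) continue ;;   # no group/other bits set
        esac
        if grep -Eq "$SECRET_RE" "$f"; then kind=SECRET; else kind=info; fi
        printf '%s mode=%s %s\n' "$kind" "$mode" "$f"
        findings=$((findings + 1))
        if [ "$fix" -eq 1 ]; then chmod 0400 "$f"; fi
    done
    [ "$findings" -eq 0 ]
}
```

Run it as root with `audit_ifcfg` or `audit_ifcfg --fix`; it changes only the mode, so the root.root ownership named in the report has to be checked separately.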
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c6
--- Comment #6 from Marius Tomaschewski
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c7
Michal Zugec
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c8
Dieter Jurzitza
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c9
Michal Zugec
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c10
Dieter Jurzitza
https://bugzilla.novell.com/show_bug.cgi?id=642231
https://bugzilla.novell.com/show_bug.cgi?id=642231#c11
Michal Zugec