[Bug 1191224] New: wireguard-tools: /etc/wireguard permissions should be 700 instead of 755

http://bugzilla.opensuse.org/show_bug.cgi?id=1191224

            Bug ID: 1191224
           Summary: wireguard-tools: /etc/wireguard permissions should be 700
                    instead of 755
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Other
          Assignee: screening-team-bugs@suse.de
          Reporter: teogramm@outlook.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

The /etc/wireguard directory created by the wireguard-tools package has 755
permissions by default. The permissions should be 700 as the directory contains
configuration files that include the private keys of a wireguard interface.

The upstream makefile sets the permissions to 700, as can be seen here
https://git.zx2c4.com/wireguard-tools/tree/src/Makefile (line 99).

Tested on: Tumbleweed 20210928, Leap 15.3

-- 
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1191224
http://bugzilla.opensuse.org/show_bug.cgi?id=1191224#c1

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CONFIRMED
                 CC|                            |Andreas.Stieger@gmx.de,
                   |                            |mardnh@gmx.de
           Assignee|screening-team-bugs@suse.de |bwiedemann@suse.com
            Summary|wireguard-tools:            |VUL-0: wireguard-tools:
                   |/etc/wireguard permissions  |/etc/wireguard
                   |should be 700 instead of    |world-readable permissions
                   |755                         |expose private keys

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Looks like a CWE-276 in our package, from this superfluous line in the spec:
install -d %{buildroot}/%{_sysconfdir}/wireguard/

http://bugzilla.opensuse.org/show_bug.cgi?id=1191224
http://bugzilla.opensuse.org/show_bug.cgi?id=1191224#c2

--- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
https://build.opensuse.org/request/show/922669
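
The mode problem discussed in this thread (a directory created by `install -d` with no `-m`, holding configs with private keys), as an added example that is not part of the bug report, the spec file or wireguard-tools. It audits a directory for configs that group or other can actually reach, and shows why a 700 directory shields even a 644 config. Assumptions: GNU coreutils, classic mode bits only (no ACLs), hypothetical function names, and a constructed temp tree with a fake key.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (stat -c, install) and classic mode
# bits only (no ACLs). Works on a constructed temp tree, never on /etc.

mode_of() { stat -c '%a' "$1"; }          # octal permission bits, e.g. 755

# True when neither group nor other has any bit set (700, 600, ...).
is_private() { pm=$(mode_of "$1") && [ $(( 0$pm & 077 )) -eq 0 ]; }

# True when group or other can traverse dir $1 AND read file $2.
non_owner_can_read() {
    dm=$(mode_of "$1") && fm=$(mode_of "$2") || return 2
    [ $(( ((0$dm & 001) && (0$fm & 004)) || ((0$dm & 010) && (0$fm & 040)) )) -eq 1 ]
}

# Report every *.conf holding a PrivateKey; exit status = number exposed.
audit_wg_dir() {
    dir=$1; exposed=0
    is_private "$dir" || echo "LOOSE    $dir is $(mode_of "$dir"), want 700"
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        grep -q '^[[:space:]]*PrivateKey' "$conf" || continue
        if non_owner_can_read "$dir" "$conf"; then
            echo "EXPOSED  $conf (file $(mode_of "$conf"))"; exposed=$((exposed + 1))
        elif ! is_private "$conf"; then
            echo "SHIELDED $conf (file $(mode_of "$conf"), saved only by the directory mode)"
        fi
    done
    return "$exposed"
}

# Build two constructed trees: one created like the spec line (no -m),
# one with an explicit 700, each holding a 644 config with a fake key.
make_fixture() {
    root=$(mktemp -d) || return 1
    ( umask 022 && install -d "$root/spec/wireguard" )
    install -d -m 0700 "$root/fixed/wireguard"
    for d in spec fixed; do
        printf '[Interface]\nPrivateKey = CONSTRUCTED-NOT-A-KEY\n' \
            > "$root/$d/wireguard/wg0.conf"
        chmod 0644 "$root/$d/wireguard/wg0.conf"
    done
    echo "$root"
}

root=$(make_fixture)
audit_wg_dir "$root/spec/wireguard"  || echo "-> $? exposed config(s)"
audit_wg_dir "$root/fixed/wireguard" || echo "-> $? exposed config(s)"
rm -rf "$root"
```

On a real host the same check would be `audit_wg_dir /etc/wireguard`, run as root so the configs can be read.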