Re: hola - security issue report thing
Hi Kurt, On Thu, Jul 11, 2002 at 03:10:58PM -0600, Kurt Seifried wrote:
the iscsi tarball and the vendor packages of it Ichecked so far create /etc/iscsi.conf world readable by default, it needs to contain usernames and passwords for the CHAP auth, no warning is given in the file, the default permissions should not be world readable, can you confirm this is the case (I'm just about to load up 8.0 on vmware to check, but figured email might be faster). This affects a number of vendors, but the fix is pretty trivial, so that's good.
Hm, I just checked the RPM permissions of linux-iscsi both on 8.0 and the current branch, and iscsi.conf is packaged mode 600 in both cases. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
participants (1)
-
Olaf Kirch