https://bugzilla.novell.com/show_bug.cgi?id=642231 https://bugzilla.novell.com/show_bug.cgi?id=642231#c0 Summary: permissions are too permissive by far for /etc/sysconfig/network/ifcfg-* Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: Other OS/Version: openSUSE 11.3 Status: NEW Severity: Critical Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: dieter.jurzitza@t-online.de QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.6) Gecko/20100626 SUSE/3.6.6-1.1 Firefox/3.6.6 The permissions of the files above default to root.root 0644, what is very bad IMHO. Given ifcfg-eth1 would be a wireless lan card, the password can be found without encryption in this file - world readable. This should not be the case IMHO and is a severe security violation. Please fix ASAP. The permissions ought to be 0400 with root.root, nothing else. Reproducible: Always Steps to Reproduce: 1. Configure wireless card from within yast 2. check the permissions of /etc/sysconfig/network/ifcfg-* 3. should not be the case Actual Results: see above Expected Results: secure permission settings -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.