On Mon, Dec 02, 2013 at 09:42:24PM +0100, Evgeni Golov wrote:
> > The daemon is run as the `bley` user. So this means that it can rewrite
> > its own configuration file. That's unusual and bad for security.
> >
> > Also, given that the secrets are all in dbconfig-common.conf, why not
> > make bley.conf simply world readable?
> >
> > I have made the following local changes and they work fine:
> >
> > drwxr-xr-x 2 root bley 4096 déc.  2 10:45 bley
> > -rw-r--r-- 1 root root 1101 déc.  2 10:45 bley/bley.conf
> > -rw-r----- 1 root bley   81 déc.  1 15:39 bley/dbconfig-common.conf
> >
> > This looks much more safe and idiomatic to me.
>
> Your finding is correct, but I must admit I never played with the perms
> (and expected dpkg to get them right). Will have a look into making this
> saner -- or do you have a patch handy already? :)
I stand corrected. I do perms in postinst...

How about the following?

--- a/debian/bley.postinst
+++ b/debian/bley.postinst
@@ -23,14 +23,15 @@ case "$1" in
         fi
         if ! dpkg-statoverride --list /etc/bley/bley.conf >/dev/null; then
-            chown bley:bley /etc/bley/bley.conf
-            chmod 600 /etc/bley/bley.conf
+            chown root:bley /etc/bley/bley.conf
+            chmod 640 /etc/bley/bley.conf
         fi
 
         . /usr/share/debconf/confmodule
         . /usr/share/dbconfig-common/dpkg/postinst
         dbc_generate_include_args="-o template_infile=/usr/share/bley/bley.conf.template"
-        dbc_generate_include_owner="bley"
+        dbc_generate_include_owner="root:bley"
+        dbc_generate_include_perms=640
         dbc_generate_include=template:/etc/bley/dbconfig-common.conf
         dbc_go bley $@
 
         # db_stop is needed, or configure will hang forever

bley.conf should not be world-readable, as it contains the db password when
dbconfig-common is not used.

Btw, I wonder, I would have expected /etc/bley to be 750, not 755 as in your
paste above.

-- 
Bruce Schneier can read and understand Perl programs.
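Review bot: the hunk never touches the owner or mode of the /etc/bley directory itself, so the 750-versus-755 question asked right after the patch is not settled by the code; if 750 is wanted, add a block next to the bley.conf one, guarded by its own `dpkg-statoverride --list /etc/bley` check, doing `chown root:bley /etc/bley` and `chmod 750 /etc/bley`. Security-wise the difference is small once the files are 640: the directory mode only decides whether other users can list the file names, not read them, and what actually matters for the reporter's concern is that the directory stays non-writable for the bley user (root-owned, no group write), so the daemon cannot swap a file of its own into place by renaming; both 750 and 755 give that. Two smaller points on the same hunk: the chown/chmod pair at the top of the hunk is not conditional on /etc/bley/bley.conf existing, so if the file is ever absent at configure time the postinst fails there should the script run with set -e; and the unchanged context line `dbc_go bley $@` should quote its arguments as `"$@"`.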
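The permission layout the thread argues for, as an added check that is not part of the bug report, the patch, or the bley package: a small shell audit that compares each path in /etc/bley with the owner, group and mode the thread ends up proposing (root:bley 640 for both config files, root:bley 755 for the directory as in the ls paste), and separately answers the reporter's original question, whether the `bley` daemon user could modify its own configuration through the file's own permission bits. Assumptions: GNU stat (Linux), the daemon user name `bley` taken from the thread; the policy table and the helper names (`check_layout`, `daemon_can_write`, `audit_bley`) are mine, not the package's.

```shell
#!/bin/sh
# Added example, not from the bug report or the bley package.
# Audits the /etc/bley permission layout discussed in the thread and checks
# whether the daemon user could modify its own configuration.
# Assumes GNU stat (Linux). The daemon user name "bley" is from the thread;
# the expected owner/group/mode table is the layout the thread ends up
# proposing (directory mode 755 as in the ls paste; the reply asks about 750).

# Expected layout: one "path owner group mode" entry per line.
BLEY_POLICY='/etc/bley root bley 755
/etc/bley/bley.conf root bley 640
/etc/bley/dbconfig-common.conf root bley 640'

# file_meta PATH -> "owner group mode" via GNU stat, or "- - -" if missing.
file_meta() {
    stat -c '%U %G %a' "$1" 2>/dev/null || echo "- - -"
}

# check_layout PATH OWNER GROUP MODE -> 0 if PATH has exactly that owner,
# group and octal mode (a missing file never matches).
check_layout() {
    [ "$(file_meta "$1")" = "$2 $3 $4" ]
}

# in_group USER GROUP -> 0 if USER is a member of GROUP.
# An unknown user is treated as a member of nothing.
in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# daemon_can_write PATH USER -> 0 if USER could modify PATH through its own
# permission bits: USER owns it (and may chmod it at will), the file is
# group-writable and USER is in that group, or it is world-writable.
# For a directory "write" means creating or renaming entries in it.
# This is the reporter's complaint: with bley:bley 600 the daemon owns the
# file and can rewrite its own config; with root:bley 640 it cannot.
daemon_can_write() {
    set -- "$2" $(file_meta "$1")          # $1=user $2=owner $3=group $4=mode
    [ "$4" = "-" ] && return 1             # missing file: nothing to write
    [ "$2" = "$1" ] && return 0            # daemon owns the file
    [ $((0$4 & 002)) -ne 0 ] && return 0   # world-writable (leading 0: octal)
    [ $((0$4 & 020)) -ne 0 ] && in_group "$1" "$3"   # group-writable + member
}

# audit_bley [USER] -> prints one line per policy entry; returns 0 only if
# every path matches the policy and none of them is writable by USER.
audit_bley() {
    user=${1:-bley}
    rc=0
    while read -r path owner group mode; do
        if check_layout "$path" "$owner" "$group" "$mode"; then
            echo "ok   $path ($owner:$group $mode)"
        else
            echo "BAD  $path: have $(file_meta "$path"), want $owner $group $mode"
            rc=1
        fi
        if daemon_can_write "$path" "$user"; then
            echo "BAD  $path: writable by $user"
            rc=1
        fi
    done <<EOF
$BLEY_POLICY
EOF
    return $rc
}

# Only run the audit when invoked with --run, so the file can also be
# sourced for its helper functions without side effects.
if [ "${1:-}" = "--run" ]; then
    audit_bley "${2:-bley}"
fi
```

Run it as `sh audit_bley.sh --run` on the target host (as root, so stat can see everything). Note that an admin who has registered a `dpkg-statoverride` for one of these paths is deliberately deviating from the package's layout; the audit reports that as BAD, which is the right prompt to go and check why the override exists.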