Bug#354450: by default, replog files can be read by anyone

Sun, 26 Feb 2006 05:48:04 -0800 

Package: slapd
Version: 2.2.26-5
Severity: normal

Install and configure slapd with debconf, and then enable the replog option in 
slapd.conf.

By default, the replog file is created with mode 644, and can be read by anyone 
(/var/lib/ldap is 644 too).

The slapd initscript should detect this and send a warning, or maybe a note to 
the default slapd.conf should be added.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages slapd depends on:
ii  coreutils [fileutils]         5.93-5     The GNU core utilities
ii  debconf                       1.4.70     Debian configuration management sy
ii  fileutils                     5.93-5     The GNU file management utilities 
ii  libc6                         2.3.6-1    GNU C Library: Shared libraries an
ii  libdb4.2                      4.2.52-23  Berkeley v4.2 Database Libraries [
ii  libiodbc2                     3.52.4-2   iODBC Driver Manager
ii  libldap-2.2-7                 2.2.26-5   OpenLDAP libraries
ii  libltdl3                      1.5.22-2   A system independent dlopen wrappe
ii  libperl5.8                    5.8.8-2    Shared Perl library
ii  libsasl2                      2.1.19-1.7 Authentication abstraction library
ii  libslp1                       1.2.1-3    OpenSLP libraries
ii  libssl0.9.8                   0.9.8a-5   SSL shared libraries
ii  libwrap0                      7.6.dbs-8  Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-perl]    5.8.8-2    Larry Wall's Practical Extraction 
ii  psmisc                        22.1-1     Utilities that use the proc filesy

Versions of packages slapd recommends:
ii  db4.2-util                    4.2.52-23  Berkeley v4.2 Database Utilities
pn  libsasl2-modules              <none>     (no description available)

-- debconf information:
  slapd/fix_directory: true
* shared/organization: MAFIA
  slapd/upgrade_slapcat_failure:
* slapd/backend: LDBM
* slapd/allow_ldap_v2: false
* slapd/no_configuration: false
* slapd/move_old_database: true
  slapd/suffix_change: false
  slapd/slave_databases_require_updateref:
* slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/autoconf_modules: true
* slapd/domain: linbox.com
  slapd/password_mismatch:
* slapd/invalid_config: true
  slapd/upgrade_slapadd_failure:
* slapd/dump_database: when needed
* slapd/migrate_ldbm_to_bdb: false
* slapd/purge_database: false


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to