Thijs Kinkhorst wrote:
On Thursday 27 March 2008 16:02, root wrote:
/etc/iscsi/iscsid.conf is world readable. When putting password in the
file it can be read by all users.
Thank you for your support. It is indeed true that the file is world-readable,
but as it doesn't contain any passwords by default, this is not a user
security hole. Of course the admin can add a password there, but that's fully
optional and a responsible admin will check the permissions of a file where
he puts a password in.
Of course the file could add a hint/warning to set it to non-readable when
setting the password, or even do it by default, but in both cases that would
be an enhancement, not a bugfix.
In deed, or a note in the readme file.
Thanks!
Rudy
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert [EMAIL PROTECTED] tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen Systems group
Universiteit Gent Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]