severity 472965 wishlist thanks Hi,
On Thursday 27 March 2008 16:02, root wrote: > /etc/iscsi/iscsid.conf is world readable. When putting password in the > file it can be read by all users. Thank you for your support. It is indeed true that the file is world-readable, but as it doesn't contain any passwords by default, this is not a user security hole. Of course the admin can add a password there, but that's fully optional and a responsible admin will check the permissions of a file where he puts a password in. Of course the file could add a hint/warning to set it to non-readable when setting the password, or even do it by default, but in both cases that would be an enhancement, not a bugfix. cheers, Thijs
pgpv8dc2EdRka.pgp
Description: PGP signature
