Bug#481765: marked as done (exim4-base: con.monthly recreate gnutls-params without read access)

Thu, 22 May 2008 05:03:48 -0700 

On 2008-05-22 Marc Haber <[EMAIL PROTECTED]> wrote:
> On Thu, May 22, 2008 at 10:44:58AM +0200, Andreas Metzler wrote:
> > I think there really is bug here, /var/spool/exim4/gnutls-params
> > should not generate its output with root:root 600 but either
> > root:Debian-exim 640 (if it contains sensible data) or 644 root:root
> > if not.

> That one was fixed in 4.69-5.

This bug (gnutls-params unreadable for exim daemon), was *introduced*
in 4.69-5. Previously the file was 400 Debian-exim:Debian-exim, but
now it is 0400 root:root. - The file mode is set by tempfile(1).

-------------------------------------------------
[EMAIL PROTECTED]:~/SVN/exim/trunk/debian$ svn diff 
svn+ssh://svn.debian.org/srv/svn.debian.org/svn/pkg-exim4/exim/tags/4.69-4/debian/exim4_refresh_gnutls-params
 svn+ssh://svn.debian.org/srv/svn.debian.org/s
vn/pkg-exim4/exim/trunk/debian/exim4_refresh_gnutls-params
Index: exim4_refresh_gnutls-params
===================================================================
--- exim4_refresh_gnutls-params 
(.../tags/4.69-4/debian/exim4_refresh_gnutls-params)    (Revision 2286)
+++ exim4_refresh_gnutls-params (.../trunk/debian/exim4_refresh_gnutls-params)  
(Revision 2286)
@@ -37,8 +37,6 @@
   if /usr/share/exim4/timeout.pl \
       "$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits 2048 \
       > "$tempgnutls" 2> /dev/null ; then
-    chown Debian-exim:Debian-exim "$tempgnutls"
-    chmod 400 "$tempgnutls"
     mv -f "$tempgnutls" "$PARAMFILE"
   else
     rm -f "$tempgnutls"
-------------------------------------------------


This would fix it:
--- exim4_refresh_gnutls-params (Revision 2286)
+++ exim4_refresh_gnutls-params (Arbeitskopie)
@@ -37,6 +37,7 @@
   if /usr/share/exim4/timeout.pl \
       "$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits 2048 \
       > "$tempgnutls" 2> /dev/null ; then
+    chmod 644 "$tempgnutls"
     mv -f "$tempgnutls" "$PARAMFILE"
   else
     rm -f "$tempgnutls"

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to