tag 598827 + security patch sid wheezy squeeze
severity 598827 important
thanks

Hi,

I'm not too sure why this bug is only wishlist, I'm raising it to
important.

It seems that the debian/rules is chmoding the directory to 700:
chmod 700 -R debian/strongswan-starter/etc/ipsec.d/private/

But for some reason these permissions are not in the resulting package.

Also, there is a lintian override:

I: strongswan-starter: unused-override non-standard-dir-perm var/lib/openswan/ 0700 != 0755

I guess that /var/lib/strongswan (not openswan) should also be set to 700.

Here is a patch that fixes the permissions on both directories (and fixes
the override as an extra)

Cheers

Laurent Bigonville
diff -Nru strongswan-4.5.2/debian/rules strongswan-4.5.2/debian/rules
--- strongswan-4.5.2/debian/rules	2011-05-25 10:48:42.000000000 +0200
+++ strongswan-4.5.2/debian/rules	2011-06-01 18:04:13.000000000 +0200
@@ -115,6 +115,7 @@
 	chmod 600 $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets
 	#chmod 644 $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf
 	chmod 700 -R $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/private/
+	chmod 700 -R $(CURDIR)/debian/strongswan-starter/var/lib/strongswan/
 	# don't know why they come with +x set by default...
 	#chmod 644 $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/policies/*
 	#chmod 644 $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/examples/*
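
Review bot: `chmod 700 -R` on the added var/lib/strongswan/ line applies mode 700 to everything below the directory, so any regular file shipped there would end up executable. If only the directory needs to be private, drop `-R` and chmod the directory itself (the existing etc/ipsec.d/private/ line follows the same pattern). Also confirm that the directory already exists under debian/strongswan-starter at this point in the target, since chmod fails on a missing path and this patch removes `dh_installdirs` further down.
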
@@ -153,7 +154,6 @@
 binary-common:
 	dh_testdir
 	dh_testroot
-	dh_installdirs
 	dh_installinit --name=ipsec
 	dh_installdebconf
 	dh_installchangelogs NEWS
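
Review bot: the removal of `dh_installdirs` from binary-common is not explained in the message or by a comment; the report only says the permissions are lost "for some reasons". If this call is what undoes the 700 mode set earlier, say so in the changelog entry, and check that no directory listed in a debian/*.dirs file relied on being created at this step.
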
@@ -161,7 +161,7 @@
 	dh_link
 	dh_strip --dbg-package=strongswan-dbg
 	dh_compress
-	dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d
+	dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d/private -X var/lib/strongswan
 	dh_lintian
 	dh_makeshlibs
 	dh_installdeb
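
Review bot: `-X` in the changed dh_fixperms line matches its argument anywhere in the file name, so `-X etc/ipsec.d/private` and `-X var/lib/strongswan` exclude every path containing those strings, not only the two directories. Narrowing `etc/ipsec.d` to `etc/ipsec.d/private` also means the rest of etc/ipsec.d now receives default permissions from dh_fixperms; confirm that nothing else under it needs a tighter mode.
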
diff -Nru strongswan-4.5.2/debian/strongswan-starter.lintian-overrides strongswan-4.5.2/debian/strongswan-starter.lintian-overrides
--- strongswan-4.5.2/debian/strongswan-starter.lintian-overrides	2011-05-25 10:48:42.000000000 +0200
+++ strongswan-4.5.2/debian/strongswan-starter.lintian-overrides	2011-06-01 17:14:53.000000000 +0200
@@ -1,4 +1,4 @@
 # as here private data is stored we need tighter perms here
 strongswan-starter: non-standard-dir-perm etc/ipsec.d/private/ 0700 != 0755
 strongswan-starter: non-standard-file-perm etc/ipsec.secrets 0600 != 0644
-strongswan-starter: non-standard-dir-perm var/lib/openswan/ 0700 != 0755
+strongswan-starter: non-standard-dir-perm var/lib/strongswan/ 0700 != 0755
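
Review bot: the corrected override for var/lib/strongswan/ only holds if the built package really ships that directory as 0700, which depends on the debian/rules changes taking effect. Run lintian on the resulting package and confirm that the unused-override message quoted in the report is gone; the comment at the top of the file could also say why var/lib/strongswan/ needs the tighter mode.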
