Bug#777706: marked as done (nut-monitor: insecure storage of password)

Tue, 17 Feb 2015 01:37:14 -0800 

Your message dated Tue, 17 Feb 2015 09:34:47 +0000
with message-id <e1yneyj-0006tr...@franck.debian.org>
and subject line Bug#777706: fixed in nut 2.7.2-2
has caused the Debian Bug report #777706,
regarding nut-monitor: insecure storage of password
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
777706: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777706
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: nut-monitor
Version: 2.7.2-1.1
Severity: normal

After discovering how to save and use Favorites with NUT-Monitor (see
#777680 for the steps I performed), I wanted to know how and where
NUT-Monitor stored its configuration.

I found the configuration in ~/.nut-monitor/favorites.ini and was
surprised to find both the file and the directory it is in were
apparently created with my umask=0022 applied, (which is not an
uncommon setting,) i.e. the directory ~/.nut-monitor was mode 755 and
the file ~/.nut-monitor/favorites.ini was mode 644.

Because this file may contain crypted passwords if authentication was
enabled, permissions on the file should be more restrictive.

I manually corrected this with:

$ chmod 700 ~/.nut-monitor
$ chmod 600 ~/.nut-monitor/favorites.ini

Please ensure NUT-Monitor adequately protects the password from prying
eyes, either restricting access to the directory, or the file, or
both, as you see fit.

Thanks,
Ben

--- End Message ---
--- Begin Message --- 
Source: nut
Source-Version: 2.7.2-2

We believe that the bug you reported is fixed in the latest version of
nut, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Bigonville <bi...@debian.org> (supplier of updated nut package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 17 Feb 2015 09:54:11 +0100
Source: nut
Binary: nut nut-server nut-client nut-cgi nut-snmp nut-ipmi nut-xml 
nut-powerman-pdu nut-doc libupsclient4 libupsclient-dev python-nut nut-monitor 
libups-nut-perl
Architecture: source all amd64
Version: 2.7.2-2
Distribution: unstable
Urgency: medium
Maintainer: Arnaud Quette <aque...@debian.org>
Changed-By: Laurent Bigonville <bi...@debian.org>
Description:
 libups-nut-perl - network UPS tools - Perl bindings for NUT server
 libupsclient-dev - network UPS tools - development files
 libupsclient4 - network UPS tools - client library
 nut        - network UPS tools - metapackage
 nut-cgi    - network UPS tools - web interface
 nut-client - network UPS tools - clients
 nut-doc    - network UPS tools - documentation
 nut-ipmi   - network UPS tools - IPMI driver
 nut-monitor - network UPS tools - GUI application to monitor UPS status
 nut-powerman-pdu - network UPS tools - PowerMan PDU driver
 nut-server - network UPS tools - core system
 nut-snmp   - network UPS tools - SNMP driver
 nut-xml    - network UPS tools - XML/HTTP driver
 python-nut - network UPS tools - Python bindings for NUT server
Closes: 747863 777706
Changes:
 nut (2.7.2-2) unstable; urgency=medium
 .
   [ Laurent Bigonville ]
   * debian/gbp.conf: Switch to debian-jessie branch
   * debian/rules: Revert the changes made in the previous NMU, I don't think
     that dropping the .service file that late in the release cycle is a good
     idea and anyway this was causing left-over files on upgrade.
   * Add wrappers that check the MODE in /etc/nut/nut.conf to avoid starting
     the daemons if nut is not configured (Closes: #747863).
 .
   [ Michael Fincham ]
   * Add patch that detects and corrects unsafe permissions on ~/.nut-monitor
     left over from old installations during NUT-Monitor startup.
     (Closes: #777706)
Checksums-Sha1:
 d0eebbf10154e07986bd91d9e2123866df7091c0 2710 nut_2.7.2-2.dsc
 099b0d4e637130c10dcffa77a829bca3ce2c65cd 53328 nut_2.7.2-2.debian.tar.xz
 e5dcba3ac15c76e0e029acb07fba0d90878b6cd7 207146 nut_2.7.2-2_all.deb
 2425e11fd9102d27973df2f394f55f4c07c6362a 1958788 nut-doc_2.7.2-2_all.deb
 c516fd235c8ef480feac2e3d7073e31718ae5af0 132174 python-nut_2.7.2-2_all.deb
 384855687a76438196a373df3b65c247b0985007 158112 nut-monitor_2.7.2-2_all.deb
 cc039af5f03ad2167de891479ea008a395e92458 136872 libups-nut-perl_2.7.2-2_all.deb
 3c3bd48fde30e18cc1ecaaaf1784150f57eb2366 749668 nut-server_2.7.2-2_amd64.deb
 ec29c9ebb7c220c1da8631e3c78195e9fc92d05f 214996 nut-client_2.7.2-2_amd64.deb
 beece403d46e471ab26e0c9777e3c32155b4b37d 175228 nut-cgi_2.7.2-2_amd64.deb
 0d7085b1310aca0d685e8996dc164ce631e11320 167200 nut-snmp_2.7.2-2_amd64.deb
 77ed206f236727f9f0e4464f462730f5bdd1c6e6 156086 nut-ipmi_2.7.2-2_amd64.deb
 7958ccd27c499087f039c8ce32e3e3bfc817ab2c 161944 nut-xml_2.7.2-2_amd64.deb
 ea114e6fa729687e27d475066093ff13c8c35178 151768 
nut-powerman-pdu_2.7.2-2_amd64.deb
 734b01b83e3e09f60ec2394c2fbec54cdc609c23 148246 libupsclient4_2.7.2-2_amd64.deb
 c07585d72158d3f66053f54b43e6cc9fcbc5a805 187384 
libupsclient-dev_2.7.2-2_amd64.deb
Checksums-Sha256:
 32fea4684bb3242bde846d9ba4beda5e7e7025204d415776755f3e42b0c56af8 2710 
nut_2.7.2-2.dsc
 aa1db7433bfee61be2f5370cfc320bf50a0608e329e8eda6ba9c63675a70ad2b 53328 
nut_2.7.2-2.debian.tar.xz
 c3aeac5a090bbe9c3851c60e1a745a92dd17de00715bc4b89c2ff9713d379c51 207146 
nut_2.7.2-2_all.deb
 8a6e06f5a0c5ec7a224b56b1eb7069e6ea30c7e6ac4db0561d347901f68adb9d 1958788 
nut-doc_2.7.2-2_all.deb
 15957d306bfd9a940ed959a82d9aaf2dba1f2a14d4366df38c6e48a8f0ba219c 132174 
python-nut_2.7.2-2_all.deb
 106376ea7b010df0b9559fd78aac5c53f3cef9090e90ae4174ab88babded1227 158112 
nut-monitor_2.7.2-2_all.deb
 c896d050a187ded624663ea2478767f5bd2990758e0c4a344d1865bf2f3b491e 136872 
libups-nut-perl_2.7.2-2_all.deb
 832b76fd226be503933d4312beeaa81fe2558e1ce42e761982625f3872808b01 749668 
nut-server_2.7.2-2_amd64.deb
 880dbc8ad6592e4056789147f9bb02cb14755a4b6260e641497007152bdb60de 214996 
nut-client_2.7.2-2_amd64.deb
 295125b17fe5da6a4c87ceb0cc6e2089759ea4b52fba07c73c5de7424c0373a6 175228 
nut-cgi_2.7.2-2_amd64.deb
 58f40564bac7776902c84333ae0010a311dbd0fd7c8c56906918b56ce638b2da 167200 
nut-snmp_2.7.2-2_amd64.deb
 444ae02cc231be0754989cfa662221da969ebda2aa667ded8d45a6a8d4f62570 156086 
nut-ipmi_2.7.2-2_amd64.deb
 db9448bbd1c29c752eacbeb8e00b6fa456cc5fb34357365e7982042ab8b72497 161944 
nut-xml_2.7.2-2_amd64.deb
 268b32e40748ffa61ceb24de01312df3e4e9f1b35dfd69b7db305c58d1d3f988 151768 
nut-powerman-pdu_2.7.2-2_amd64.deb
 ce3a747f49358aee961121b8a48390f4685925d1430207fd753eea3e5b84919a 148246 
libupsclient4_2.7.2-2_amd64.deb
 965a5d1a141deea30c06fb0334d7381cfaa2fd13d07869eb4bea1a84c8c5099f 187384 
libupsclient-dev_2.7.2-2_amd64.deb
Files:
 11443bac6e5176901e1f7437b49deb1c 2710 admin optional nut_2.7.2-2.dsc
 641929448bec6cebc959cfaff303b50e 53328 admin optional nut_2.7.2-2.debian.tar.xz
 3123b316851057d930940256bf91ce11 207146 metapackages optional 
nut_2.7.2-2_all.deb
 b206e2915d796ef454b98df9cc8d8e5c 1958788 doc optional nut-doc_2.7.2-2_all.deb
 a5538a6d80d057e72d1f44c999df9e8a 132174 python optional 
python-nut_2.7.2-2_all.deb
 19a511a9e7d8f27aef3e094a94dfa146 158112 admin optional 
nut-monitor_2.7.2-2_all.deb
 462a7005a629a3296295e6c382514c64 136872 perl optional 
libups-nut-perl_2.7.2-2_all.deb
 e309a95a487441c888edf583ba3c2c56 749668 admin optional 
nut-server_2.7.2-2_amd64.deb
 d578fd94f26695064bac7e65bc7cdd23 214996 admin optional 
nut-client_2.7.2-2_amd64.deb
 89af4d590913b0129c61fc41c3665569 175228 admin optional 
nut-cgi_2.7.2-2_amd64.deb
 b870b6b946d2a95d0885f98a5f8a4c13 167200 admin optional 
nut-snmp_2.7.2-2_amd64.deb
 055cdb181791463ab50ef213fa285943 156086 admin optional 
nut-ipmi_2.7.2-2_amd64.deb
 4b333cc4d04550de8654ff9ed6daff74 161944 admin optional 
nut-xml_2.7.2-2_amd64.deb
 a04b0bbae9d124b15023902f82f06bf5 151768 admin extra 
nut-powerman-pdu_2.7.2-2_amd64.deb
 22efc3a98e457239134a0c66ce950ac7 148246 libs optional 
libupsclient4_2.7.2-2_amd64.deb
 2072cc0e88f21af2dcd07e14cb344b21 187384 libdevel optional 
libupsclient-dev_2.7.2-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJU4wncAAoJEB/FiR66sEPVRzEH/2+KTJ4MWJGqnKKZR34+kEBi
kGZqs98kALynH+DTg205LFa2OofxSOpnlyFZbZU9lotI04Q/PJZ/eFw2O1n06vNZ
5RGjDOkylU/AIx+zb/BatTEoqWhFrEf9rEjQ/TqfQvxLVqMI9MD+rJuhQYwt5tmY
jdMnSp5kjXqEOS7mQPdPxDdPieR8i6+oaItcleJhyJM5QRrRTFEZOuBqK41CkOBG
YUeRRFYRzVOXlFGcQp2yTqoLGYXMN9pmGVXU56uIh5jXPA/jdL7+qFRibs4QqWOE
e9SEE+SFdWCsUj0d4dWD1v6MS+ry8xOdW4BfEcWl7dgxotokhTIYiF/Sf38bOyA=
=Cdga
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to