Bug#390035: [Pkg-bluetooth-maintainers] Bug#390035: bluez-utils pin file readable by all

On Sat, Jul 07, 2007 at 07:28:50PM +0200, Filippo Giunchedi wrote: > On Thu, Oct 19, 2006 at 12:27:14AM +0200, Moritz Muehlenhoff wrote: > > Filippo Giunchedi wrote: > > > From what I can tell, when the user reaches the point where he cares > > > about not > > > having a default pin he can even ch

Bug#390035: [Pkg-bluetooth-maintainers] Bug#390035: bluez-utils pin file readable by all

On Thu, Oct 19, 2006 at 12:27:14AM +0200, Moritz Muehlenhoff wrote: > Filippo Giunchedi wrote: > > From what I can tell, when the user reaches the point where he cares about > > not > > having a default pin he can even change permissions. My rationale being that > > bluetooth is not meant to be us

Bug#390035: [Pkg-bluetooth-maintainers] Bug#390035: bluez-utils pin file readable by all

Filippo Giunchedi wrote: > From what I can tell, when the user reaches the point where he cares about not > having a default pin he can even change permissions. My rationale being that > bluetooth is not meant to be used in an hostile environment, moreover the > security features are rather "weak"

Bug#390035: [Pkg-bluetooth-maintainers] Bug#390035: bluez-utils pin file readable by all

Hi Filippo, > > In most cases, this is just a minor bug. At least having a default pin > > and 'pairing multi' on by default are much bigger issues, but it's a > > security related deviation from upstream. I would like to see this fixed. > > From what I can tell, when the user reaches the point

Bug#390035: [Pkg-bluetooth-maintainers] Bug#390035: bluez-utils pin file readable by all

[CCing upstream] On Mon, Oct 09, 2006 at 10:27:56AM +0300, Mikko Rapeli wrote: > On Mon, Oct 09, 2006 at 12:21:22AM +0200, Moritz Muehlenhoff wrote: > > Mikko Rapeli wrote: > > > This small bug affects sarge too so I'm cc'ing security. Attached patches > > > restrict the permissions for sarge and

Bug#390035: bluez-utils pin file readable by all

On Mon, Oct 09, 2006 at 12:21:22AM +0200, Moritz Muehlenhoff wrote: > Mikko Rapeli wrote: > > This small bug affects sarge too so I'm cc'ing security. Attached patches > > restrict the permissions for sarge and etch/sid so that non-root users can > > not read the default pin value used in Bluetoo

Bug#390035: bluez-utils pin file readable by all

Mikko Rapeli wrote: > This small bug affects sarge too so I'm cc'ing security. Attached patches > restrict the permissions for sarge and etch/sid so that non-root users can > not read the default pin value used in Bluetooth authentication. I know next to nothing about Bluetooth. What could a mal

Bug#390035: bluez-utils pin file readable by all

This small bug affects sarge too so I'm cc'ing security. Attached patches restrict the permissions for sarge and etch/sid so that non-root users can not read the default pin value used in Bluetooth authentication. The postinst script was manually tested with fresh installs and upgrades on both