[Bug 1938442] [NEW] Wrong permissions on ~/.hplip/.gnupg

[Launchpad Bug Tracker]

You have been subscribed to a public bug by Sebastien Bacher (seb128):

[Impact]
* The directory ~/.hplip/.gnupg is readable by non-root users
* This directory contains only public keys, but should still
  have the permissions changed to 700 for privacy reasons

[Test Case]
* Install hplip and run `hp-plugin -i` 
* ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwxr-xr-x
* rm -rf ~/.hplip and install hplip from -proposed
* run `hp-plugin -i` again
* ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwx------

[Regression Potential]
* Because of file permissions becoming more restrictive,
  it is possible that some other hplip binaries would
  fail to read the .gnupg directory
* To ensure this isn't the case, testing should be done
  on different hplip use-cases to ensure they still
  function properly

[Original Description]
Hi,

we have a report in Fedora -
https://bugzilla.redhat.com/show_bug.cgi?id=1985251 - where Sergey found
out that ~/.hplip/.gnupg directory has permissions 755 instead of 700.
Perms 700 prevent accessing the dir by other users, because the dir can
contain private keys.

However, .gnupg dir contains only a public key used in GPG verification
of HP plugin, so the matter isn't that critical, but it is good to have
it fixed.

The patch is attached.

** Affects: hplip
     Importance: Undecided
         Status: New

** Affects: hplip (Ubuntu)
     Importance: Undecided
     Assignee: Till Kamppeter (till-kamppeter)
         Status: New

** Affects: fedora
     Importance: Unknown
         Status: Unknown


** Tags: patch
-- 
Wrong permissions on ~/.hplip/.gnupg
https://bugs.launchpad.net/bugs/1938442
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.