[Bug 515087] Re: /etc/aiccu.conf world readable by default
Jamie Strandboge
jamie at ubuntu.com
Mon Feb 8 23:35:40 UTC 2010
The problem seems to be this bit in postinst:
if [ "$USERNAME" = "" ]; then
# Not configured yet, thus skip
exit 0;
fi
The end of postinst has this:
chmod 600 $CONFIGFILE
So what is happening is that in the default Ubuntu install the user is
not prompted with debconf questions, so USERNAME is not set and the
$CONFIGFILE is then never chmod 600'd. If the file is configured
manually rather than via debconf, it will remain world-readable.
If someone wants to prepare (and test! :) debdiffs for hardy - karmic to do something like (untested):
test -e "$CONFIGFILE" && chmod 600 "$CONFIGFILE"
if [ "$USERNAME" = "" ]; then
# Not configured yet, thus skip
exit 0;
fi
then we can upload that through -security. Unsubscribing ubuntu-
security-sponsors. Please file an upstream bug with Debian since Debian
Lenny is also affected, and get their input (as a Universe package, I
only briefly looked at the issue and may not have seen everything).
Please resubscribe after attaching debdiffs (preferably based on
Debian's work) and comment on the testing performed.
** Changed in: aiccu (Ubuntu Hardy)
Status: Confirmed => Triaged
** Changed in: aiccu (Ubuntu Intrepid)
Status: Confirmed => Triaged
** Changed in: aiccu (Ubuntu Jaunty)
Status: Confirmed => Triaged
** Changed in: aiccu (Ubuntu Karmic)
Status: Confirmed => Triaged
--
/etc/aiccu.conf world readable by default
https://bugs.launchpad.net/bugs/515087
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list