Bug #1134

/etc/libuser.conf is world-readable

Added by Davide Principi about 8 years ago. Updated over 7 years ago.

Status:CLOSEDStart date:05/22/2012
Priority:NormalDue date:05/22/2012
Assignee:-% Done:

100%

Category:nethserver-directory
Target version:DEV104
Security class: Resolution:
Affected version:DEV103 NEEDINFO:

Description

/etc/libuser.conf stores the ldap password in plain text format.

The file must be readable to the root user only.

Associated revisions

Revision 80873bff
Added by Davide Principi about 8 years ago

/etc/libuser.conf template metadata: fixed libuser.conf permission bits. Fixes #1134 /etc/libuser.conf is world-readable

History

#1 Updated by Davide Principi about 8 years ago

To workaround this problem we have a patch to libuser-0.57.6
that enables LDAPI protocol

0.57.6 is shipped in FC17

#2 Updated by Davide Principi about 8 years ago

  • Status changed from NEW to MODIFIED
  • % Done changed from 0 to 100

Applied in changeset commit:80873bff0c92a863af91d7d01da88884b12dff90.

#3 Updated by Davide Principi about 8 years ago

  • Due date set to 05/22/2012
  • Status changed from MODIFIED to 7
  • Assignee set to Davide Principi
  • Start date set to 05/22/2012
  • Estimated time changed from 4.00 to 1.00

No problem occurs if the libuser client tool are runned with root privileges, that is the common case.

#4 Updated by Davide Principi over 7 years ago

  • Project changed from 47 to NethServer 6

Also available in: Atom PDF