Bug #1134
/etc/libuser.conf is world-readable
Status: | CLOSED | Start date: | 05/22/2012 | |
---|---|---|---|---|
Priority: | Normal | Due date: | 05/22/2012 | |
Assignee: | - | % Done: | 100% | |
Category: | nethserver-directory | |||
Target version: | DEV104 | |||
Security class: | Resolution: | |||
Affected version: | DEV103 | NEEDINFO: |
Description
/etc/libuser.conf
stores the ldap password in plain text format.
The file must be readable to the root user only.
Associated revisions
/etc/libuser.conf template metadata: fixed libuser.conf permission bits. Fixes #1134 /etc/libuser.conf is world-readable
History
#1 Updated by Davide Principi about 9 years ago
To workaround this problem we have a patch to libuser-0.57.6
that enables LDAPI protocol
0.57.6 is shipped in FC17
#2 Updated by Davide Principi about 9 years ago
- Status changed from NEW to MODIFIED
- % Done changed from 0 to 100
Applied in changeset commit:80873bff0c92a863af91d7d01da88884b12dff90.
#3 Updated by Davide Principi about 9 years ago
- Due date set to 05/22/2012
- Status changed from MODIFIED to 7
- Assignee set to Davide Principi
- Start date set to 05/22/2012
- Estimated time changed from 4.00 to 1.00
No problem occurs if the libuser client tool are runned with root privileges, that is the common case.
#4 Updated by Davide Principi over 8 years ago
- Project changed from 47 to NethServer 6