[Pkg-citadel-devel] Bug#684964: citadel-server: world writable config file: /etc/citadel/netconfigs/7

Andreas Beckmann debian at abeckmann.de
Mon Jan 21 16:00:18 UTC 2013


On 2012-12-06 14:47, Michael Meskes wrote:
> On Wed, Aug 15, 2012 at 10:14:02AM +0200, Andreas Beckmann wrote:
>> during an experimental test with piuparts I noticed that your package
>> creates a world writable config file:
>>
>>     -rw-rw-rw- 1 citadel root 11 Aug  8 09:45 /etc/citadel/netconfigs/7

> Could you please tell us how you created that file? Just installing 8.14-2? Or
> did you install 8.14-2 over an old version that already had the file? I just
> purged and re-installed my test installation and cannot see a trace of file.

Doing piuparts tests in any of your scenarios produces that file, fresh
installation in minimal lenny, squeeze, wheezy, sid chroots as well as
an upgrade to the next distro(s).

In lenny there are even a few more bad permissioned files:

  ERROR: BAD PERMISSIONS
  -rw-rw-rw- 1 citadel root    56 Dec 19 03:15 /etc/citadel/citadel.control
  -rw-rw-rw- 1 citadel root    11 Dec 19 03:14 /etc/citadel/netconfigs/7
  -rw-rw-rw- 1 citadel citadel 32 Dec 19 03:15
/etc/citadel/refcount_adjustments.dat

These survive over an upgrade to squeeze and to wheezy (via squeeze).


Andreas



More information about the Pkg-citadel-devel mailing list