Bug#481765: marked as done (exim4-base: con.monthly recreate gnutls-params without read access)

Andreas Metzler ametzler at downhill.at.eu.org
Thu May 22 11:52:24 UTC 2008 

On 2008-05-22 Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> On Thu, May 22, 2008 at 10:44:58AM +0200, Andreas Metzler wrote:
> > I think there really is bug here, /var/spool/exim4/gnutls-params
> > should not generate its output with root:root 600 but either
> > root:Debian-exim 640 (if it contains sensible data) or 644 root:root
> > if not.

> That one was fixed in 4.69-5.

This bug (gnutls-params unreadable for exim daemon), was *introduced*
in 4.69-5. Previously the file was 400 Debian-exim:Debian-exim, but
now it is 0400 root:root. - The file mode is set by tempfile(1).

-------------------------------------------------
ametzler at argenau:~/SVN/exim/trunk/debian$ svn diff svn+ssh://svn.debian.org/srv/svn.debian.org/svn/pkg-exim4/exim/tags/4.69-4/debian/exim4_refresh_gnutls-params svn+ssh://svn.debian.org/srv/svn.debian.org/s
vn/pkg-exim4/exim/trunk/debian/exim4_refresh_gnutls-params
Index: exim4_refresh_gnutls-params
===================================================================
--- exim4_refresh_gnutls-params (.../tags/4.69-4/debian/exim4_refresh_gnutls-params)    (Revision 2286)
+++ exim4_refresh_gnutls-params (.../trunk/debian/exim4_refresh_gnutls-params)  (Revision 2286)
@@ -37,8 +37,6 @@
   if /usr/share/exim4/timeout.pl \
       "$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits 2048 \
       > "$tempgnutls" 2> /dev/null ; then
-    chown Debian-exim:Debian-exim "$tempgnutls"
-    chmod 400 "$tempgnutls"
     mv -f "$tempgnutls" "$PARAMFILE"
   else
     rm -f "$tempgnutls"
-------------------------------------------------


This would fix it:
--- exim4_refresh_gnutls-params (Revision 2286)
+++ exim4_refresh_gnutls-params (Arbeitskopie)
@@ -37,6 +37,7 @@
   if /usr/share/exim4/timeout.pl \
       "$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits 2048 \
       > "$tempgnutls" 2> /dev/null ; then
+    chmod 644 "$tempgnutls"
     mv -f "$tempgnutls" "$PARAMFILE"
   else
     rm -f "$tempgnutls"

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-exim4-maintainers mailing list