[Pkg-freeradius-maintainers] Bug#890933: freeradius: File permissions allow access to sensitive information by "others"
Moritz Mühlenhoff
jmm at inutil.org
Tue Feb 20 21:33:23 UTC 2018
severity 890933 normal
thanks
On Tue, Feb 20, 2018 at 08:09:23PM +0100, Simon Boldinger wrote:
> Package: freeradius
> Severity: grave
> Tags: security
> Justification: user security hole
This is not correct, I explicitly stated that this is not a security issue:
If an administrator adds sensitive information to a config file
in /etc, it's the administrator's responsibility to adapt permissions
accordingly.
The questions is whether the default permissions are intentionally diverging
from the upstream defaults or not (i.e. just an oversight).
Cheers,
Moritz
More information about the Pkg-freeradius-maintainers
mailing list