[Pkg-freeradius-maintainers] Bug#955206: freeradius: Daemon has write privilege to configuration
Ferenc Wágner
wferi at debian.org
Sat Mar 28 12:09:48 GMT 2020
Source: freeradius
Version: 3.0.17+dfsg-1.1
Severity: wishlist

Dear Maintainer,

In the default installation freeradius runs as user freerad, which is
also the user owning the /etc/freeradius directory structure. This
means that an arbitrary code execution compromise in the daemon means
immediate privilege escalation to root. Isn't read permission enough
for most usual configurations? If so, leaving the /etc/freeradius
structure owned by root would be a safer default in my opinion, please
consider switching to that.
--
Thanks,
Feri.
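
A way to check an installation for the condition this report describes, as an added example that is not part of the original message or of the freeradius package. The function names are hypothetical; the `freerad` account and `/etc/freeradius` path are the ones named in the report.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from freeradius.
# List every path under DIR that the account with UID/GID could modify:
#   - owned by UID (an owner can always chmod the path writable),
#   - group-owned by GID with the group write bit set,
#   - or world-writable.
# Symlinks are skipped because their own mode bits carry no meaning.
daemon_writable_paths() {
    uid=$1 gid=$2 dir=$3
    find "$dir" ! -type l \( \
        -user "$uid" \
        -o \( -group "$gid" -perm -020 \) \
        -o -perm -002 \
    \) -print
}

# Succeeds only when the daemon account can modify nothing in the tree.
config_tree_is_read_only() {
    [ -z "$(daemon_writable_paths "$1" "$2" "$3")" ]
}

# Run as: sh check.sh "$(id -u freerad)" "$(id -g freerad)" /etc/freeradius
if [ "$#" -eq 3 ]; then
    if config_tree_is_read_only "$@"; then
        echo "OK: uid $1 cannot modify anything under $3"
    else
        echo "Paths under $3 modifiable by uid $1:"
        daemon_writable_paths "$@"
        exit 1
    fi
fi
```

The check covers owner, primary group and world bits only; supplementary groups and POSIX ACLs are not examined.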