[Pkg-swan-devel] Bug#933491: Bug#933491: swanctl.conf must not be world-readable

Yves-Alexis Perez corsac at debian.org
Thu Aug 15 14:12:44 BST 2019


On Wed, 2019-07-31 at 00:12 +0600, Vladimir Bezhenar wrote:
> By default file /etc/swanctl/swanctl.conf is world-readable
> (permissions 644). This file can contain passwords for EAP
> authentications, therefore it must not be world-readable, as this
> information is confidential.

Hey,

I'm not entirely sure I agree with this. I mean, it definitely makes sense to
protect private assets, but that's why there are subfolders (with relevant
permissions) for private keys and stuff like that.

If people want to (or rather have to) use stuff like passwords, I think they
really should make sure those are not exposed by too wide permissions.

That being said, I'm not sure how much it “hurts” to have swanctl.conf (and
conf.d) not world readable by default. I'll ask upstream about that.

Regards,
-- 
Yves-Alexis
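An added example, not part of the original message or of the strongSwan or Debian packaging: a shell check that reports world-readable swanctl.conf and conf.d/*.conf files, and fails when such a file also defines a secrets section (where EAP passwords live). The function name audit_swanctl is hypothetical; it assumes the section opens as `secrets {` on one line and does not follow other include paths or consider parent-directory permissions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the package).
# Usage: audit_swanctl /etc/swanctl
#
# Prints one line per world-readable config file:
#   FAIL <path>  file is world-readable AND defines a secrets section
#   WARN <path>  file is world-readable, no secrets section found
# Returns non-zero if at least one FAIL was reported.
audit_swanctl() {
    dir=${1:-/etc/swanctl}
    findings=0

    # swanctl.conf plus the conf.d snippets mentioned in the thread.
    for f in "$dir/swanctl.conf" "$dir"/conf.d/*.conf; do
        # Skip missing files and an unmatched glob pattern.
        [ -f "$f" ] || continue

        # -perm -004 matches when the "other: read" bit is set (e.g. 644).
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            # Assumption: the section opens as "secrets {" on one line.
            if grep -Eq '^[[:space:]]*secrets[[:space:]]*\{' "$f"; then
                echo "FAIL $f: world-readable and defines a secrets section"
                findings=$((findings + 1))
            else
                echo "WARN $f: world-readable (no secrets section found)"
            fi
        fi
    done

    [ "$findings" -eq 0 ]
}
```

A FAIL is cleared by removing the other-read bit from the file that holds the secrets (for example mode 600 or 640), which is the change the bug report asks for as the default.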
