Bug#954379: coturn: Make `/etc/turnserver.conf` non-worldreadable
Paul Menzel
pmenzel at molgen.mpg.de
Fri Mar 20 22:42:16 GMT 2020
Package: coturn
Version: 4.5.1.1-1.1
Severity: normal
Dear Debian folks,
Currently, the Debian package seems to install the configuration file as
world-readable.
$ ls -l /etc/turnserver.conf
-rw-r--r-- 1 root root 328 Mar 18 16:02 /etc/turnserver.conf
The upstream package installation only install
`/etc/turnserver.conf.example`.
If a user sets up a static secret in the configuration file, the access
modes should probably be restricted to root only, shouldn’t they?
Kind regards,
Paul
More information about the Pkg-voip-maintainers
mailing list