[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Lower freeipmi.conf permission as it could contain sensitive informa
|
From: |
Al Chu |
|
Subject: |
Re: Lower freeipmi.conf permission as it could contain sensitive informations |
|
Date: |
Sun, 07 Feb 2021 11:08:44 -0800 |
On Sun, 2021-02-07 at 19:34 +0100, Fabio Fantoni wrote:
> Il 07/02/2021 19:10, Al Chu ha scritto:
> > Hi Fabio,
> >
> > Thanks, I've decreased it and other conf files to 640. I never
> > caught
> > this b/c the permissions were overwritten to 0600 in the RPM spec
> > files.
>
> thanks, decrease all conf files is not needed if not all them can
> contain sensitive informations (like username/password) FWIK, I did a
> fast look and seems:
>
> - freeipmi.conf ipmiseld.conf libipmiconsole.conf can contain
> sensitive
> informations
>
> - freeipmi_interpret_sel.conf freeipmi_interpret_sensor.conf
> ipmidetect.conf ipmidetectd.conf don't can contain sensitive
> informations
>
> is it correct?
I decided to decrease all the conf files to 0640 except for the
"freeipmi_interpret_*.conf" files.
Al
>
> >
> > Al
> >
> > On Sun, 2021-02-07 at 13:17 +0100, Fabio Fantoni wrote:
> > > Hi, freeipmi.conf could contain sensitive informations, default
> > > permission setted to it by build (in etc/Makefile.am) is 644,
> > > debian
> > > decreased it in packaging after build very long time ago
> > > (
> > > https://salsa.debian.org/debian/freeipmi/-/blob/master/debian/rules
> > > )
> > > .
> > >
> > > I think is good decrease it also upstream from 644 to 640
> > > (removing
> > > read
> > > permission to others).
> > >
> > > Thanks for any reply and sorry for my bad english.
> > >
> > >
>
>