[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Lower freeipmi.conf permission as it could contain sensitive informa
|
From: |
Fabio Fantoni |
|
Subject: |
Re: Lower freeipmi.conf permission as it could contain sensitive informations |
|
Date: |
Sun, 7 Feb 2021 20:13:44 +0100 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 |
Il 07/02/2021 20:08, Al Chu ha scritto:
> On Sun, 2021-02-07 at 19:34 +0100, Fabio Fantoni wrote:
>> Il 07/02/2021 19:10, Al Chu ha scritto:
>>> Hi Fabio,
>>>
>>> Thanks, I've decreased it and other conf files to 640. I never
>>> caught
>>> this b/c the permissions were overwritten to 0600 in the RPM spec
>>> files.
>> thanks, decrease all conf files is not needed if not all them can
>> contain sensitive informations (like username/password) FWIK, I did a
>> fast look and seems:
>>
>> - freeipmi.conf ipmiseld.conf libipmiconsole.conf can contain
>> sensitive
>> informations
>>
>> - freeipmi_interpret_sel.conf freeipmi_interpret_sensor.conf
>> ipmidetect.conf ipmidetectd.conf don't can contain sensitive
>> informations
>>
>> is it correct?
> I decided to decrease all the conf files to 0640 except for the
> "freeipmi_interpret_*.conf" files.
>
> Al
thanks
>
>
>>> Al
>>>
>>> On Sun, 2021-02-07 at 13:17 +0100, Fabio Fantoni wrote:
>>>> Hi, freeipmi.conf could contain sensitive informations, default
>>>> permission setted to it by build (in etc/Makefile.am) is 644,
>>>> debian
>>>> decreased it in packaging after build very long time ago
>>>> (
>>>> https://salsa.debian.org/debian/freeipmi/-/blob/master/debian/rules
>>>> )
>>>> .
>>>>
>>>> I think is good decrease it also upstream from 644 to 640
>>>> (removing
>>>> read
>>>> permission to others).
>>>>
>>>> Thanks for any reply and sorry for my bad english.
>>>>
>>>>
>>