Closed lukasjuhrich closed 4 years ago
Good idea.
@sebschrader where/when has this been fixed?
It's been implemented in 2d7c459, but apparently I forgot to mention the issue in the message.
Home directories under /var/lib/hades and the config directory /etc/hades are still world-readable.
Why should subdirectories of /etc not be world readable? Lots of other software does this and it does not impose a security risk a priori.
It depends on its contents. Not everything in /etc is world readable, take /etc/ldap.secret, /etc/ssl/private, or /etc/shadow for example.
In the case of Hades, /etc/hades/config.py, currently the only file in this directory, contains the VRRP secrets you wanted to protect with this issue. It doesn't make any sense to protect the generated config files, when the original source of data remains world readable.
This has been addressed.
Currently, all the files generated with hades-generate-config.py are created in Python by just using open(), leaving them with the default mode -rw-r--r--, which makes them world-readable. This is not desirable for files containing secrets, such as auth_vrrp/keepalived.conf, which contains the VRRP password.

I propose to add a mode argument to hades-generate-config.py and to change invocations in the systemd unit files by adding --mode=600.

Example (hades-auth-vrrp.service):
change
to
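An added example, not part of the original issue or of the Hades code base: one way a Python generator script could create secret-bearing files with a restrictive mode instead of relying on plain open(), together with a check that lists world-readable paths under a directory. The function names write_private and world_readable and the sample file names are hypothetical.

```python
import os
import stat
import tempfile


def write_private(path, data, mode=0o600):
    """Write data to path so the content is never readable beyond `mode`."""
    # Passing the mode to os.open() restricts a newly created file from the
    # first instant; open() followed by chmod() would leave a 0644 window.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as handle:
        # os.open() ignores the mode for a file that already exists, so
        # tighten it explicitly after truncation and before writing the secret.
        os.fchmod(handle.fileno(), mode)
        handle.write(data)


def world_readable(root):
    """Return the sorted files and directories under root readable by 'other'."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IROTH:
                found.append(path)
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample: a stale 0644 file next to a freshly generated one.
    with tempfile.TemporaryDirectory() as workdir:
        stale = os.path.join(workdir, "keepalived.conf")
        with open(stale, "w") as handle:
            handle.write("old contents\n")
        os.chmod(stale, 0o644)
        print("before:", world_readable(workdir))
        write_private(stale, "auth_pass PLACEHOLDER\n")
        write_private(os.path.join(workdir, "new.conf"), "secret\n")
        print("after:", world_readable(workdir))
```

The directory check matters as much as the file mode: a 0600 file generated from a world-readable source file protects nothing.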