clearlinux / cve-check-tool

Original Automated CVE Checking Tool
GNU General Public License v2.0

defaults file is not world-readable by default #14

Closed sofar closed 9 years ago

sofar commented 9 years ago

```
access("/usr/local/share/defaults/cve-check-tool/cve-check-tool.conf", F_OK) = 0
open("/usr/local/share/defaults/cve-check-tool/cve-check-tool.conf", O_RDONLY) = -1 EACCES (Permission denied)
```

(wrong ACCESS check here, too)

Obviously a defaults file that has no password should not be installed 0600. Perhaps put a note in the file that if a user puts a password in this file they should consider changing permissions?

In this current form this is unusable by anyone but root, causing a file conflict, even if there is an /etc/ version installed.

ikeydoherty commented 9 years ago

Note added and explained in commit, thanks.
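The trace in the report shows `access(..., F_OK)` succeeding on a file that `open()` then refuses with EACCES. The sketch below is an added example, not cve-check-tool's own code: it skips the pre-check, lets `open()` decide, and falls through to the next candidate. The function names, the candidate order and the temporary files are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the first candidate that can actually be read. No access() pre-check:
 * the open() result is the only answer that matters, and a missing or
 * unreadable candidate just means "try the next one". Returns fd, or -1. */
int open_first_readable(const char *const *paths, int n, int *chosen)
{
    for (int i = 0; i < n; i++) {
        int fd = open(paths[i], O_RDONLY);
        if (fd >= 0) {
            *chosen = i;
            return fd;
        }
        if (errno != EACCES && errno != ENOENT)
            fprintf(stderr, "%s: unexpected errno %d\n", paths[i], errno);
    }
    return -1;
}

/* Constructed scenario: a defaults file the caller cannot read (mode 0000,
 * so even the owner is locked out; root still bypasses it) next to a
 * readable override. Returns the index of the file opened, or -1. */
int demo_lookup(void)
{
    char dir[] = "/tmp/cfgdemoXXXXXX";
    char defaults[64], override[64];
    int chosen = -1;

    if (!mkdtemp(dir))
        return -1;
    snprintf(defaults, sizeof defaults, "%s/defaults.conf", dir);
    snprintf(override, sizeof override, "%s/etc.conf", dir);
    close(open(defaults, O_CREAT | O_WRONLY, 0600));
    chmod(defaults, 0000);
    close(open(override, O_CREAT | O_WRONLY, 0644));

    const char *const paths[] = { defaults, override };
    int fd = open_first_readable(paths, 2, &chosen);
    if (fd >= 0)
        close(fd);
    unlink(defaults); unlink(override); rmdir(dir);
    return chosen;
}
```

Run as an unprivileged user, `demo_lookup()` returns 1 (the override); as root it returns 0, because root can read the locked-down file, which matches the report that the tool only worked for root.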