[CentOS-docs] VPNC article

On Thu, Feb 12, 2009 at 05:13:27PM +0100, Christoph Maser wrote:
> Am Donnerstag, den 12.02.2009, 16:44 +0100 schrieb Scott Robbins:
> > On Thu, Feb 12, 2009 at 10:23:01AM -0500, R P Herrold wrote:
> > > On Wed, 11 Feb 2009, Scott Robbins wrote:
> > >
> > > The article asserts clear packaging permissions  problems
> > > exist.  Have these been upstreamed?
> >
> > By upstream do you mean the source code itself?
> >
> > The program built from source doesn't have that issue.  On the other
> > hand, without trying to read Dag's mind, I simply guessed that it was
> > either minor oversight or a small additional securiy layer.  (Assuming


> The permissions on the files in dags RPM:
> 
>  rpm -qlvp vpnc-0.5.3-1.el5.rf.i386.rpm
> [...]
> -rw-------    1 root    root                      157 Jan 19
> 16:35 /etc/vpnc/vpnc.conf
> -rw-------    1 root    root                    14995 Jan 19
> 16:35 /etc/vpnc/vpnc-script
> 
> 
> I assume 600,root,root is ok for the config file, or do you really need
> 700 as the article indicates? I will update the permissions of
> vpnc-script to be 700

The article should only indicate that you should change the permissions
for the vpnc-script file.  (quickly doublechecks.)  

Argh, the other was a typo.   The description was correct (I said chmod
to read/write for root) and I just fixed the command, so it now reads
correctly.  Thank you VERY much for catching it, and apologies.)

So, vpnc-script should be 700 for root and the default vpnc.conf is
probably not used anyway, since it does provide the pcf2vpnc.  Even if
used, current permissions are fine. 


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Principal Snyder: It's fuzzy-minded liberal thinking like that 
that gets you eaten.