On Thu, Feb 12, 2009 at 05:13:27PM +0100, Christoph Maser wrote:
> On Thursday, 12.02.2009, at 16:44 +0100, Scott Robbins wrote:
> > On Thu, Feb 12, 2009 at 10:23:01AM -0500, R P Herrold wrote:
> > > On Wed, 11 Feb 2009, Scott Robbins wrote:
> > >
> > > The article asserts clear packaging permissions problems
> > > exist. Have these been upstreamed?
> >
> > By upstream do you mean the source code itself?
> >
> > The program built from source doesn't have that issue. On the other
> > hand, without trying to read Dag's mind, I simply guessed that it was
> > either minor oversight or a small additional security layer. (Assuming
>
> The permissions on the files in Dag's RPM:
>
> rpm -qlvp vpnc-0.5.3-1.el5.rf.i386.rpm
> [...]
> -rw------- 1 root root 157 Jan 19 16:35 /etc/vpnc/vpnc.conf
> -rw------- 1 root root 14995 Jan 19 16:35 /etc/vpnc/vpnc-script
>
>
> I assume 600,root,root is ok for the config file, or do you really need
> 700 as the article indicates? I will update the permissions of
> vpnc-script to be 700

The article should only indicate that you should change the permissions
for the vpnc-script file. (quickly doublechecks.) Argh, the other was a
typo. The description was correct (I said chmod to read/write for root)
and I just fixed the command, so it now reads correctly. Thank you VERY
much for catching it, and apologies.)

So, vpnc-script should be 700 for root and the default vpnc.conf is
probably not used anyway, since it does provide the pcf2vpnc. Even if
used, current permissions are fine.

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Principal Snyder: It's fuzzy-minded liberal thinking like that that
gets you eaten.
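
Added example, not part of the original message and not code from the vpnc package or its packagers: a shell function that checks an `rpm -qlv` listing against the modes the thread settles on (600 for vpnc.conf, 700 for vpnc-script, both root:root). The function names and the policy table are assumptions made for illustration; the sample input reuses the two listing lines quoted above.

```shell
#!/bin/sh
# Added example, not from the thread's authors. Policy assumed from the
# thread: vpnc.conf 600 root:root, vpnc-script 700 root:root.

# Reads `rpm -qlv`-style lines on stdin, prints one verdict per policed file.
# Regular files only: a symlink line ends in "-> target" and is not matched.
audit_vpnc_listing() {
    awk '
    BEGIN {
        want["/etc/vpnc/vpnc.conf"]   = "-rw-------"  # config, root read/write
        want["/etc/vpnc/vpnc-script"] = "-rwx------"  # script, root only
    }
    NF >= 9 && ($NF in want) {
        seen[$NF] = 1
        if ($1 != want[$NF])
            printf "FIX %s: mode %s, want %s\n", $NF, $1, want[$NF]
        else if ($3 != "root" || $4 != "root")
            printf "FIX %s: owner %s:%s, want root:root\n", $NF, $3, $4
        else
            printf "OK %s\n", $NF
    }
    END {
        for (p in want)
            if (!(p in seen)) printf "MISSING %s\n", p
    }'
}

# Sample input: the two listing lines quoted in the thread (0.5.3-1 package).
sample_listing() {
    cat <<'EOF'
-rw------- 1 root root 157 Jan 19 16:35 /etc/vpnc/vpnc.conf
-rw------- 1 root root 14995 Jan 19 16:35 /etc/vpnc/vpnc-script
EOF
}

# Stand-alone run on the sample; for a real package use:
#   rpm -qlvp <package>.rpm | audit_vpnc_listing
sample_listing | audit_vpnc_listing
```

On the listing quoted in the thread this reports vpnc.conf as OK and flags vpnc-script as needing the owner execute bit.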