Julien Cristau wrote:
> Package: dtc-xen
> Version: 0.2.6-5
> Severity: serious
> Tags: security
>
> Hi,
>
> dtc-xen creates files in /etc/dtc-xen in its postinst, in particular ssl
> private keys, and only after that chmods them. This means that there is
> a race condition which makes these files readable by anyone.
>
> Cheers,
> Julien
Should I provide these files already with chmod in the package itself? Having them in the package in /etc wouldn't matter, as they would be set as conffiles, but it could still be problematic, no? What is your suggestion? Let me know.

Thanks again for the report.

Thomas
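The race Julien describes, beside the usual fix, as an added example that is not the dtc-xen package's own postinst: instead of creating the key and chmod'ing it afterwards, restrict the umask before the file is created so it is mode 0600 from the instant it exists. The directory, file names and "key material" below are constructed placeholders; the same subshell-umask wrapper applies around whatever tool actually generates the key.

```shell
#!/bin/sh
# Added example, not from dtc-xen. Demonstrates the create-then-chmod race
# and the umask-based fix. Everything is written under a temporary
# directory, never /etc/dtc-xen.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Vulnerable pattern: the file is created under the inherited umask
# (commonly 022, giving mode 0644) and only chmod'ed afterwards.  Any
# local user who opens the file between the two steps keeps a readable
# descriptor.  Prints the mode the file had during that window.
racy_create() {
    (
        umask 022                                      # typical default
        echo "constructed fake private key material" > "$1"
        stat -c '%a' "$1"                              # mode before chmod
        chmod 600 "$1"                                 # window already open
    )
}

# Fixed pattern: set a restrictive umask in a subshell before the file is
# created, so it is 0600 from creation and there is no window to race.
# The subshell keeps the umask change from leaking into the rest of the
# maintainer script.
safe_create() {
    (
        umask 077
        echo "constructed fake private key material" > "$1"
        stat -c '%a' "$1"                              # 600 from the start
    )
}

racy_create "$WORK/racy.key"   # prints 644
safe_create "$WORK/safe.key"   # prints 600
```

Note that a chmod after the fact only narrows the mode for future opens; descriptors obtained during the window stay valid, which is why the fix has to happen at creation time.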