Package: libmailutils2
Version: 1:2.1+dfsg1-7
Severity: normal
*** Please type your report below this line ***
SSL key files may be readable by the ssl-cert group (like the default
snakeoil key-- /etc/ssl/private/ssl-cert-snakeoil.key). libmailutils2
will refuse to open these files with a "wrong permissions on %s (set
0600)" error.
Is there any chance we could have the permission-checking relaxed?
I'm currently using the following patch to trim down permission
checking from any group privileges to just write privileges.
diff --git a/libmu_auth/tls.c b/libmu_auth/tls.c
index e4efe64..8c05427 100644
--- a/libmu_auth/tls.c
+++ b/libmu_auth/tls.c
@@ -100,7 +100,7 @@ mu_check_tls_environment (void)
mu_tls_module_config.ssl_key);
return 0;
}
- if ((st.st_mode & S_IRWXG) || (st.st_mode & S_IRWXO))
+ if ((st.st_mode & S_IWGRP) || (st.st_mode & S_IRWXO))
{
mu_error (_("wrong permissions on %s (set 0600)"),
mu_tls_module_config.ssl_key);
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libmailutils2 depends on:
ii guile-1.8-libs 1.8.7+1-3 Main Guile libraries
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.12-2 common error description library
ii libgcc1 1:4.4.5-8 GCC support library
ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime libr
ii libgdbm3 1.8.3-9 GNU dbm database routines (runtime
ii libgmp3c2 2:4.3.2+dfsg-1 Multiprecision arithmetic library
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr
ii libgpg-error0 1.6-1 library for common error values an
ii libgsasl7 1.4.4-2 GNU SASL library
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii libidn11 1.15-2 GNU Libidn library, implementation
ii libk5crypto3 1.8.3+dfsg-4 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries
ii libltdl7 2.2.6b-2 A system independent dlopen wrappe
ii libmysqlclient16 5.1.49-3 MySQL database client library
ii libntlm0 1.2-1 NTLM authentication library
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
ii libpython2.6 2.6.6-8+b1 Shared Python runtime library (ver
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
libmailutils2 recommends no packages.
libmailutils2 suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
