** Description changed:

+ [Impact]
+ * The directory ~/.hplip/.gnupg is readable by non-root users
+ * This directory contains only public keys, but should still
+   have the permissions changed to 700 for privacy reasons
+ 
+ [Test Case]
+ * Install hplip and run `hp-plugin -i` 
+ * ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwxr-xr-x
+ * rm -rf ~/.hplip and install hplip from -proposed
+ * run `hp-plugin -i` again
+ * ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwx------
+ 
+ [Regression Potential]
+ * Because of file permissions becoming more restrictive,
+   it is possible that some other hplip binaries would
+   fail to read the .gnupg directory
+ * To ensure this isn't the case, testing should be done
+   on different hplip use-cases to ensure they still
+   function properly
+ 
+ [Original Description]
  Hi,
  
  we have a report in Fedora -
  https://bugzilla.redhat.com/show_bug.cgi?id=1985251 - where Sergey found
  out that ~/.hplip/.gnupg directory has permissions 755 instead of 700.
  Perms 700 prevent accessing the dir by other users, because the dir can
  contain private keys.
  
  However, .gnupg dir contains only a public key used in GPG verification
  of HP plugin, so the matter isn't that critical, but it is good to have
  it fixed.
  
  The patch is attached.
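
Review bot: the [Test Case] only exercises a freshly created directory, because the `rm -rf ~/.hplip` step removes the existing drwxr-xr-x directory before the -proposed package is tested. Consider adding a second pass that leaves an existing ~/.hplip/.gnupg at 755 in place, installs from -proposed, runs `hp-plugin -i` again and records the resulting mode, so the verification also shows what users who already ran the plugin installer end up with. The [Regression Potential] item asks for testing of "different hplip use-cases" without naming any; listing the ones to be run would make the verification repeatable.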

** Patch added: "Jammy debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537374/+files/lp1938442_jammy.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1938442

Title:
  Wrong permissions on ~/.hplip/.gnupg

To manage notifications about this bug go to:
https://bugs.launchpad.net/hplip/+bug/1938442/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
