Package: coturn
Version: 4.5.1.1-1.1
Severity: normal

Dear Debian folks,

Currently, the Debian package seems to install the configuration file as world-readable.

$ ls -l /etc/turnserver.conf
-rw-r--r-- 1 root root 328 Mar 18 16:02 /etc/turnserver.conf

The upstream package installation only installs `/etc/turnserver.conf.example`.
If a user sets up a static secret in the configuration file, the access modes should probably be restricted to root only, shouldn’t they?
Kind regards, Paul
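
A check for the condition reported above, as an added example that is not part of the original report or of the Debian or coturn packaging: it flags a coturn configuration file that is readable by other users and carries an uncommented `static-auth-secret` line. The function names and the sample file contents are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a coturn config file for the exposure in the report.
# audit_turn_conf FILE prints one finding and returns:
#   0 = not readable by "other"
#   1 = world-readable, no uncommented static-auth-secret found
#   2 = world-readable AND contains an uncommented static-auth-secret
#   3 = file missing or stat failed
audit_turn_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf"; return 3; }
    mode=$(stat -c '%a' "$conf") || return 3   # octal mode, e.g. 644
    other=${mode#"${mode%?}"}                  # last digit = bits for "other"
    if [ $(( other & 4 )) -eq 0 ]; then
        echo "ok: $conf mode $mode is not world-readable"
        return 0
    fi
    # Only an active (uncommented) key=value line counts as a stored secret.
    if grep -Eq '^[[:space:]]*static-auth-secret[[:space:]]*=' "$conf"; then
        echo "EXPOSED: $conf mode $mode is world-readable and holds a static secret"
        return 2
    fi
    echo "warn: $conf mode $mode is world-readable (no static secret set yet)"
    return 1
}

# Constructed sample: a config with a static secret, first with the 0644 mode
# shown in the report, then restricted to its owner with 0600.
audit_demo() {
    d=$(mktemp -d) || return 1
    f=$d/turnserver.conf
    printf 'listening-port=3478\nstatic-auth-secret=CONSTRUCTED-SAMPLE\n' > "$f"
    chmod 644 "$f"; before=0; audit_turn_conf "$f" || before=$?
    chmod 600 "$f"; after=0;  audit_turn_conf "$f" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}

# With an argument, audit that file; without one, run the constructed demo.
if [ "$#" -gt 0 ]; then
    audit_turn_conf "$1" || exit $?
else
    audit_demo
fi
```

Run it as `sh audit.sh /etc/turnserver.conf` on an installed system; the exit status makes it usable from a package test or configuration-management check.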