Package: icecast2
Version: 2.3.2-2
Severity: minor

        Currently, the package sets overly restrictive permissions on
        some of its files upon configuration.  Namely, the postinst
        script contains:

$ nl -ba /var/lib/dpkg/info/icecast2.postinst 
...
    41
    42  chown -R icecast2: /var/log/icecast2 /etc/icecast2
    43  chmod -R ug=rw,o=,ug+X /etc/icecast2
    44
...
$ 

        I deem o= unreasonable, as I see nothing wrong in, e. g., a user
        inspecting the XSL-templates provided.  Apparently, the only
        file which requires such a protection is
        /etc/icecast2/icecast.xml, since it contains a number of
        passwords.

        Furthermore, this setup effectively prevents a user from
        starting his own server, for the purposes of a test, or
        otherwise, as while the configuration file could easily be
        written using the documentation and the provided examples, the
        necessary XSL-templates won't be available.  (As a work-around,
        the user attempting to start a server could $ dpkg -x the
        package for the necessary files.)

        (Not to mention that it's unclear whether the XSL templates
        should be put into /etc at all.  Would it make sense to put,
        e. g., entire Web sites into /etc?  Especially when considering
        the sites based on some software, like Wiki engines, etc.)

-- 
FSF associate member #7257



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to