Hi,

I've been checking some images and it seems some files have wrong
permissions on SquashFS images while the package itself has files with
correct permissions.

Take AA rootfs for example,  generic/openwrt-ar71xx-generic-rootfs.tar.gz:

/etc/ppp/chap-secrets           root    root      41    Mar 23  2013
-rw-r--r--

When the file should be 0600 and actually is 0600 inside the
ppp_2.4.5-8_ar71xx.ipk. The same is with BB
openwrt-x86-generic-Generic-rootfs.tar.gz, /etc/ppp/chap-secrets is 0644.
For some reason /etc/shadow always has correct 0600 permissions.

Wrong permission on chap-secrets causes pppd to print a warning 'Warning -
secret file /etc/ppp/chap-secrets has world and/or group access'.
A bigger problem however are wrong permissions on /etc/racoon/psk.txt
(ipsec-tools) for example, where racoon will fail to authenticate psk
because the file is world readable. This presents a problem since the
administrator needs to correct the permissions before ipsec is usable even
when a custom-secret psk.txt is already shipped with the firmware image.

Regards, Alex
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Reply via email to