Author: jajcus                       Date: Thu Mar 18 09:14:35 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- SECURITY: limit access to bat.conf to user root and bacula group only. This file
contains a password which gives full access to the backup server (this could be
used to destroy all backups and even all data on the client machines). Tray
monitor is not affected, as it used different credentials with lower
privileges.
- move bat executable to %{_bindir}, as it can be used by users too

---- Files affected:
packages/bacula:
   bacula-desktop.patch (1.1 -> 1.2) , bacula.spec (1.131 -> 1.132) 

---- Diffs:

================================================================
Index: packages/bacula/bacula-desktop.patch
diff -u packages/bacula/bacula-desktop.patch:1.1 
packages/bacula/bacula-desktop.patch:1.2
--- packages/bacula/bacula-desktop.patch:1.1    Wed Apr 15 18:12:40 2009
+++ packages/bacula/bacula-desktop.patch        Thu Mar 18 10:14:29 2010
@@ -6,7 +6,8 @@
  Comment=Bacula Director Console
 -Icon=/usr/share/pixmaps/bat_icon.png
 +Icon=bacula
- ex...@sbindir@/bat -c @sysconfdir@/bat.conf
+-ex...@sbindir@/bat -c @sysconfdir@/bat.conf
++ex...@bindir@/bat -c @sysconfdir@/bat.conf
  Terminal=false
  Type=Application
  Encoding=UTF-8
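
Review bot: the new Exec line still passes -c @sysconfdir@/bat.conf, which the spec change in this same commit restricts to root and the bacula group, so the menu entry will not be able to read its configuration for any desktop user outside that group even though bat now lives in @bindir@ for ordinary users. Either document that users of this launcher must be members of the bacula group, or let the launcher pick up a per-user configuration whose credentials are scoped to that user.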

================================================================
Index: packages/bacula/bacula.spec
diff -u packages/bacula/bacula.spec:1.131 packages/bacula/bacula.spec:1.132
--- packages/bacula/bacula.spec:1.131   Wed Mar 17 17:09:24 2010
+++ packages/bacula/bacula.spec Thu Mar 18 10:14:29 2010
@@ -575,7 +575,7 @@
 %endif
 
 %if %{with bat}
-install src/qt-console/.libs/bat $RPM_BUILD_ROOT%{_sbindir}
+install src/qt-console/.libs/bat $RPM_BUILD_ROOT%{_bindir}
 install scripts/bat.desktop $RPM_BUILD_ROOT%{_desktopdir}
 %endif
 
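
Review bot: the changed install line now targets $RPM_BUILD_ROOT%{_bindir}, and nothing in this hunk shows that directory being created. Please confirm it is created (install -d) earlier in %install; if it is missing, install will either fail or write a regular file at that path instead of placing bat inside it. Passing an explicit mode here (install -m 755) would also keep the build-root file consistent with the %attr(755,root,root) in %files.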
@@ -973,8 +973,10 @@
 %doc LICENSE
 %{_pixmapsdir}/%{name}.png
 %{_desktopdir}/bat.desktop
-%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/bat.conf
-%attr(755,root,root) %{_sbindir}/bat
+# Do not make this file world-readable or any user will get full access to the
+# backup system 
+%attr(640,root,bacula) %config(noreplace) %verify(not md5 mtime size) 
%{_sysconfdir}/bat.conf
+%attr(755,root,root) %{_bindir}/bat
 %{_mandir}/man1/bat.1*
 %{_docdir}/%{name}
 %endif
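
Review bot: on the new %attr(640,root,bacula) line, bat.conf is also %config(noreplace), so please verify that an upgrade really tightens the mode and ownership of a bat.conf that is already installed and locally edited; if it does not, existing systems stay world-readable and a %post or trigger that runs chown root:bacula and chmod 640 on the file is needed. The line also depends on the bacula group existing when this subpackage is installed, so check that the subpackage requires whatever creates that group. Minor: the added comment has trailing whitespace after "backup system".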
@@ -1013,6 +1015,14 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.132  2010/03/18 09:14:29  jajcus
+- SECURITY: limit access to bat.conf to user root and bacula group only. This 
file
+contains a password which gives full access to the backup server (this could be
+used to destroy all backups and even all data on the client machines). Tray
+monitor is not affected, as it used different credentials with lower
+privileges.
+- move bat executable to %{_bindir}, as it can be used by users too
+
 Revision 1.131  2010/03/17 16:09:24  glen
 - packaging %ghost as symlink only brings trouble (extra Filelinktos deps, 
when payload is not even in rpm)
 - btw, how about packaging the ghosts in main package?
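
Review bot: the Revision 1.132 entry explains the exposure but does not tell administrators what to do about installs made from earlier revisions, where the password in bat.conf was not restricted to root and the bacula group. Consider adding a line advising that the password be changed after upgrading, since tightening the file mode does not help if the value was already read.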
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/bacula/bacula-desktop.patch?r1=1.1&r2=1.2&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/bacula/bacula.spec?r1=1.131&r2=1.132&f=u

_______________________________________________
pld-cvs-commit mailing list
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
