[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
This doesn't appear worth shipping a patch for downstream either, so I am going to unsubscribe Ubuntu Sponsors and mark it Won't fix.

** Changed in: hplip (Ubuntu Jammy)
       Status: New => Won't Fix

** Changed in: hplip (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Desktop Packages, which is subscribed to hplip in Ubuntu.
https://bugs.launchpad.net/bugs/1938442

Title:
  Wrong permissions on ~/.hplip/.gnupg

Status in hplip package in Ubuntu:
  Won't Fix
Status in hplip source package in Bionic:
  Won't Fix
Status in hplip source package in Focal:
  Won't Fix
Status in hplip source package in Hirsute:
  Won't Fix
Status in hplip source package in Impish:
  Won't Fix
Status in hplip source package in Jammy:
  Won't Fix

Bug description:
  [Impact]

   * The directory ~/.hplip/.gnupg is readable by non-root users
   * This directory contains only public keys, but should still have the permissions changed to 700 for privacy reasons

  [Test Case]

   * Install hplip and run `hp-plugin -i`
   * ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwxr-xr-x
   * rm -rf ~/.hplip and install hplip from -proposed
   * run `hp-plugin -i` again
   * ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwx--

  [Regression Potential]

   * Because of file permissions becoming more restrictive, it is possible that some other hplip binaries would fail to read the .gnupg directory
   * To ensure this isn't the case, testing should be done on different hplip use-cases to ensure they still function properly

  [Original Description]

  Hi,

  we have a report in Fedora - https://bugzilla.redhat.com/show_bug.cgi?id=1985251 - where Sergey found out that ~/.hplip/.gnupg directory has permissions 755 instead of 700. Perms 700 prevent accessing the dir by other users, because the dir can contain private keys.

  However, .gnupg dir contains only a public key used in GPG verification of HP plugin, so the matter isn't that critical, but it is good to have it fixed.

  The patch is attached.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
The previous explanation suggests that's not really an issue and not worth a stable update, so I'm going to wontfix.

William, those tasks were assigned to you, so feel free to reopen and upload anyway if you feel like it's worth doing, but in the current state it seems like that wasn't enough of a priority to get worked on.

Till, we might still want to change the default for future upload even if it's minor?

** Changed in: hplip (Ubuntu Bionic)
       Status: New => Won't Fix

** Changed in: hplip (Ubuntu Focal)
       Status: New => Won't Fix

** Changed in: hplip (Ubuntu Impish)
       Status: New => Won't Fix
Re: [Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
Hi Till,

On Thu, 9 Dec 2021, Till Kamppeter wrote:
> Thorsten, could you also update the Debian package appropriately? And
> once on it, update to 3.21.10? Thanks.

I don't know why someone has a problem with the permissions of a directory containing public keys. At least the permissions of ~ should prevent world to access the directory.

From my point of view the status of this bug in Hirsute and Fedora is the way to go ...

  Thorsten
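Added example, not part of any message in this thread and not hplip code: the `ls -al` check from the bug's test case combined with the point above about the permissions of `~`, written as a POSIX shell audit. The function names and the optional second argument (top of the walk) are assumptions made for this example; only the "other" permission bits are evaluated, not group membership or ACLs.

```shell
#!/bin/sh
# Added example (not hplip code). Function names are hypothetical.
# Classifies how reachable a per-user GnuPG home such as ~/.hplip/.gnupg
# is for other local users, taking the parent directories into account.

# Octal permission bits of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Last octal digit of the mode = permissions for "other" users.
other_digit() {
    _m=$(mode_of "$1") || return 1
    printf '%s\n' "${_m#"${_m%?}"}"
}

# gnupg_exposure DIR [TOP]
#   missing   DIR does not exist (hp-plugin has not created it yet)
#   private   no group/other bits at all (700 or stricter)
#   shielded  looser than 700, but "other" users cannot reach it
#   exposed   "other" users can traverse every ancestor and enter or list DIR
# TOP (default /) is the highest ancestor that is still checked.
gnupg_exposure() {
    _dir=$1
    _top=${2:-/}
    if [ ! -d "$_dir" ]; then
        echo missing
        return 0
    fi

    _mode=$(mode_of "$_dir") || return 1
    case $_mode in
        0|*00) echo private; return 0 ;;   # e.g. 700: the mode the bug asks for
    esac

    # 0 or 2 in the last digit: neither read nor execute for "other".
    _o=$(other_digit "$_dir") || return 1
    case $_o in
        0|2) echo shielded; return 0 ;;
    esac

    # Walk upwards: one ancestor without o+x is enough to block traversal.
    _p=$(cd "$_dir" && pwd -P) || return 1
    _top=$(cd "$_top" && pwd -P) || return 1
    while [ "$_p" != "$_top" ] && [ "$_p" != / ]; do
        _p=$(dirname "$_p")
        _o=$(other_digit "$_p") || return 1
        case $_o in
            1|3|5|7) ;;                    # o+x set: others can pass through
            *) echo shielded; return 0 ;;
        esac
    done
    echo exposed
}

# Stand-alone use: sh audit.sh ~/.hplip/.gnupg
if [ "$#" -gt 0 ]; then
    gnupg_exposure "$@"
fi
```

A result of `shielded` means the protection comes from a parent directory rather than from `.gnupg` itself, so it disappears if that parent's mode is later loosened; `chmod 700` on the directory itself gives `private`.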
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
Thorsten, could you also update the Debian package appropriately? And once on it, update to 3.21.10? Thanks.
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
@William, you should be able to upload yourself now right?
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Changed in: hplip (Ubuntu Hirsute)
       Status: New => Won't Fix

** Changed in: hplip (Ubuntu Impish)
     Assignee: (unassigned) => William Wilson (jawn-smith)

** Changed in: hplip (Ubuntu Focal)
     Assignee: (unassigned) => William Wilson (jawn-smith)

** Changed in: hplip (Ubuntu Bionic)
     Assignee: (unassigned) => William Wilson (jawn-smith)
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Changed in: hplip (Ubuntu Bionic)
   Importance: Undecided => Low

** Changed in: hplip (Ubuntu Focal)
   Importance: Undecided => Low

** Changed in: hplip (Ubuntu Hirsute)
   Importance: Undecided => Low

** Changed in: hplip (Ubuntu Impish)
   Importance: Undecided => Low

** Changed in: hplip (Ubuntu Jammy)
   Importance: Undecided => Low
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Changed in: fedora
   Importance: Unknown => Undecided

** Changed in: fedora
       Status: Unknown => New

** Changed in: fedora
 Remote watch: Red Hat Bugzilla #1985251 => None

** Package changed: fedora => ubuntu-translations

** No longer affects: ubuntu-translations

** Bug watch removed: Red Hat Bugzilla #1985251
   https://bugzilla.redhat.com/show_bug.cgi?id=1985251

** Project changed: hplip => ubuntu-translations

** No longer affects: ubuntu-translations
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Changed in: hplip (Ubuntu)
    Milestone: None => impish-updates

** Changed in: hplip (Ubuntu)
    Milestone: impish-updates => focal-updates

** Also affects: hplip (Ubuntu Jammy)
   Importance: Undecided
     Assignee: Till Kamppeter (till-kamppeter)
       Status: New

** Also affects: hplip (Ubuntu Hirsute)
   Importance: Undecided
       Status: New

** Also affects: hplip (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: hplip (Ubuntu Impish)
   Importance: Undecided
       Status: New

** Also affects: hplip (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: hplip (Ubuntu Jammy)
    Milestone: focal-updates => None
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
Reupload to fix s/hplib/hplip/ typo in changelog

** Patch added: "Bionic debdiff"
   https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537488/+files/lp1938442_bionic.debdiff
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
Reupload to fix s/hplib/hplip/ typo in changelog

** Patch added: "Impish debdiff"
   https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537487/+files/lp1938442_impish.debdiff
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
The public GPG keys here are only to check the integrity of a downloaded proprietary plugin, to prevent that someone could make HPLIP download and install a fake, malware plugin. HPLIP does not load such a key as long as the user does not try to download the plugin and HPLIP does also not do any other downloads from the internet. The keys are actually only HP's public keys. No keys of the user are stored under ~/.hplip. So wrong permissions should be harmless here.

So what you should do for testing is whether you can still download the proprietary plugin with the stricter permissions (with your patch). If it still works, the stricter permissions could be generally used, but as the keys are only public keys from HP, the stricter permissions are not actually needed.

If my assumptions are correct, I do not see a security issue here. Can someone from HP tell whether I am right?
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
Hey Till, could you review the sponsoring request?

** Changed in: hplip (Ubuntu)
     Assignee: (unassigned) => Till Kamppeter (till-kamppeter)
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Patch added: "Impish debdiff"
   https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537375/+files/lp1938442_impish.debdiff
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Patch added: "Bionic debdiff"
   https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537379/+files/lp1938442_bionic.debdiff
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Patch added: "Focal debdiff"
   https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537378/+files/lp1938442_focal.debdiff
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Patch added: "Hirsute debdiff"
   https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537377/+files/lp1938442_hirsute.debdiff
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Patch added: "Impish debdiff"
   https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537376/+files/lp1938442_impish.debdiff
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
** Description changed: + [Impact] + * The directory ~/.hplip/.gnupg is readable by non-root users + * This directory contains only public keys, but should still + have the permissions changed to 700 for privacy reasons + + [Test Case] + * Install hplip and run `hp-plugin -i` + * ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwxr-xr-x + * rm -rf ~/.hplip and install hplip from -proposed + * run `hp-plugin -i` again + * ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwx-- + + [Regression Potential] + * Because of file permissions becoming more restrictive, + it is possible that some other hplip binaries would + fail to read the .gnupg directory + * To ensure this isn't the case, testing should be done + on different hplip use-cases to ensure they still + function properly + + [Original Description] Hi, we have a report in Fedora - https://bugzilla.redhat.com/show_bug.cgi?id=1985251 - where Sergey found out that ~/.hplip/.gnupg directory has permissions 755 instead of 700. Perms 700 prevent accessing the dir by other users, because the dir can contain private keys. However, .gnupg dir contains only a public key used in GPG verification of HP plugin, so the matter isn't that critical, but it is good to have it fixed. The patch is attached.
** Patch added: "Jammy debdiff"
   https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537374/+files/lp1938442_jammy.debdiff
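Review bot: the last step of the added [Test Case] gives the expected result as "drwx--", which is not a complete mode string; for the 700 permissions named in [Impact] the `ls -al` column would read "drwx------", so the expected value should be written out in full to make the pass condition unambiguous. The added [Regression Potential] asks for testing of "different hplip use-cases", but the [Test Case] only runs `hp-plugin -i`; listing the specific hplip commands to run after the directory becomes 700 would make that regression check reproducible.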
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
The attachment "Proposed patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

** Tags added: patch
[Desktop-packages] [Bug 1938442] Re: Wrong permissions on ~/.hplip/.gnupg
Ubuntu 20.04 is affected too.

** Bug watch added: Red Hat Bugzilla #1985251
   https://bugzilla.redhat.com/show_bug.cgi?id=1985251

** Also affects: fedora via
   https://bugzilla.redhat.com/show_bug.cgi?id=1985251
   Importance: Unknown
       Status: Unknown