Package: vde2
Version: 2.3.2-4
Severity: wishlist

Dear Maintainer,

Currently, /etc/network/if-pre-up.d/vde2 (also, vde2.postinst) create
/var/run/vde2 as follows:

        mkdir -p $RUNDIR
        chown vde2-net:vde2-net $RUNDIR
        chmod 2770 $RUNDIR

I believe the permissions should be (at least) 2771.  2770 makes it
impossible for users not in the vde2-net group to use VDE interfaces,
even if those interfaces are owned by groups besides vde2-net[1].

Since all sensitive files in /var/run/vde2 have non-world-accessible
permissions by default, there shouldn't be any security implications
from making this directory world-executable.

Could these scripts be updated accordingly?

Thanks,

Andrew

[1] This would be accomplished by passing the -g option to the vde2-switch
directive in /etc/network/interfaces, and is highly useful because it
lets you grant different users access to different VDE interfaces.
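
The report's claim that nothing under /var/run/vde2 is world-accessible can be checked before the mode is relaxed. The following is an added example, not part of the original report or of the vde2 packaging scripts; the function names `world_accessible_entries` and `relax_rundir` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the vde2 package): audit a VDE run directory
# before changing it from 2770 to 2771. Function names are hypothetical.

# Print every entry beneath $1 that grants any permission bit to "other".
# Symlinks are skipped: their own mode is always 0777 and is not enforced.
world_accessible_entries() {
    find "$1" -mindepth 1 ! -type l \
        \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Set mode 2771 on $1 only when the audit finds nothing exposed.
# With o+x on the directory, users outside the owning group can reach an
# entry by name, so each entry's own mode becomes the only barrier.
relax_rundir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    exposed=$(world_accessible_entries "$dir")
    if [ -n "$exposed" ]; then
        echo "refusing to chmod $dir; world-accessible entries:" >&2
        echo "$exposed" >&2
        return 1
    fi
    chmod 2771 "$dir"
}

# Usage (as root): relax_rundir /var/run/vde2
```

The audit reflects only the moment it runs; sockets and files created afterwards still depend on the umask and options of the process that creates them.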

