Package: vde2 Version: 2.3.2-4 Severity: wishlist Dear Maintainer,
Currently, /etc/network/if-pre-up.d/vde2 (also, vde2.postinst) create /var/run/vde2 as follows: mkdir -p $RUNDIR chown vde2-net:vde2-net $RUNDIR chmod 2770 $RUNDIR I believe the permissions should be (at least) 2771. 2770 makes it impossible for users not in the vde2-net group to use VDE interfaces, even if those interfaces are owned by groups besides vde2-net[1]. Since all sensitive files in /var/run/vde2 have non-world-accessible permissions by default, there shouldn't be any security implications from making this directory world-executable. Could these scripts be updated accordingly? Thanks, Andrew [1] This would be accomplished by passing the -g option to the vde2-switch directive in /etc/network/interfaces, and is highly useful because it lets you grant different users access to different VDE interfaces. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org