On Tue, Dec 03, 2013 at 10:38:09AM +0100, Jérémy Bobbio wrote:
Btw, I wonder, I would have expected /etc/bley be 750, not 755 as in
your paste above.
Why? The directory should be owned by root:root, as no other users
should be allowed to add files in the configuration directory. But then,
Package: bley
Version: 0.1.5-2
Severity: important
Hi!
After installing bley, I was a bit puzzled by the permissions given to
the configuration file:
drwxr-x--- 2 root bley 4096 déc. 2 10:45 bley
-rw--- 1 bley bley 1101 déc. 2 10:45 bley/bley.conf
-rw--- 1 bley root 81 déc. 1
Hi lunar!
On Mon, Dec 02, 2013 at 11:03:31AM +0100, Jérémy Bobbio wrote:
After installing bley, I was a bit puzzled by the permissions given to
the configuration file:
drwxr-x--- 2 root bley 4096 déc. 2 10:45 bley
-rw--- 1 bley bley 1101 déc. 2 10:45 bley/bley.conf
-rw--- 1
On Mon, Dec 02, 2013 at 09:42:24PM +0100, Evgeni Golov wrote:
The daemon is run as the `bley` user. So this means that it can rewrite
its own configuration file. That's unusal and bad for security.
Also, given that the secrets are all in dbconfig-common.conf, why not
make bley.conf
4 matches
Mail list logo
