Bug 32541 - why not make /etc/default/ readable by all?
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/shadow-utils)
: unstable
: all Linux
: P3 enhancement
Reported: 2016-09-28 11:38 by
Modified: 2017-03-07 20:23


Description From 2016-09-28 11:38:26
shadow-utils-4.1.4.2-alt8


$ rpm -qf /etc/default -lv | fgrep /etc/default
drwxr-x--x    2 root    root                0 июн 21  2012 /etc/default
-rw-------    1 root    root              118 июн 21  2012 /etc/default/useradd
$ 

Why should the list of things that are in the directory be secret?


$ egrep '^/etc/default' /ALT/Sisyphus/{noarch,x86_64}/base/contents_index
/ALT/Sisyphus/noarch/base/contents_index:/etc/default/eeepc-acpi-scripts    eeepc-acpi-scripts
/ALT/Sisyphus/noarch/base/contents_index:/etc/default/google-chrome    google-chrome-preinstall
/ALT/Sisyphus/noarch/base/contents_index:/etc/default/jetty    jetty
/ALT/Sisyphus/noarch/base/contents_index:/etc/default/vivaldi    vivaldi-preinstall
/ALT/Sisyphus/noarch/base/contents_index:/etc/default/yandex-browser    yandex-browser-preinstall
/ALT/Sisyphus/noarch/base/contents_index:/etc/default/yandex-browser-beta    yandex-browser-preinstall
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default    shadow-utils
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default/aufs    aufs2-util
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default/aufs    aufs2-util-ng
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default/aufs    aufs3-util
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default/cryptmount    cryptmount
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default/grub    grub2-common
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default/ld10k1    /etc/default/ld10k1
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default/ltsp-client-setup    ltsp-client
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default/useradd    shadow-utils
/ALT/Sisyphus/x86_64/base/contents_index:/etc/default/vservers-default    util-vserver
$ 

Are there plans for /etc/default/ to hold some files with secret names?
------- Comment #1 From 2016-09-28 11:58:13 -------
In Ubuntu Trusty, it's readable by all.
------- Comment #2 From 2017-03-07 20:23:37 -------
shadow-1:4.4-alt1 -> sisyphus:

* Fri Mar 03 2017 Mikhail Efremov <sem@altlinux> 1:4.4-alt1
- Don't own %_sysconfdir/default/ (closes: #32541).
- Fix possible crash if gmtime() returns NULL.
- chsh: Fix duplicate warning.
- Enable audit support.
- Don't package ChangeLog/NEWS files.
- Spec cleanup.
- submap: Add control scripts for newuidmap/newgidmap.
- Fix build: ignore write() return value.
- configure.ac: Drop man/po/Makefile.
- Drop FORCE_SHADOW.
- Don't create missing files.
- Fixes from upstream git:
  + Keep the permissions of the original file when creating a backup.
  + useradd: Read defaults after changing root directories.
  + Don't crash on bogus keys in login.defs if PAM is enabled.
  + Last bits of enabling subuids.
  + Make login.def files valid ASCII instead of UTF-8.
  + include getdef.h for getdef_bool prototype.
  + Print error message if SELinux file context manipulation fails.
  + Fix regression in useradd not loading defaults properly.
  + */Makefile.am: Replace INCLUDES with AM_CPPFLAGS.
- Updated to 4.4 (fixes CVE-2016-6252).