[Pkg-bluetooth-maintainers] Bug#390035: bluez-utils pin file readable by all
Moritz Muehlenhoff
jmm at inutil.org
Sun Oct 8 22:21:22 UTC 2006
Mikko Rapeli wrote:
> This small bug affects sarge too so I'm cc'ing security. Attached patches
> restrict the permissions for sarge and etch/sid so that non-root users can
> not read the default pin value used in Bluetooth authentication.
I know next to nothing about Bluetooth. What could a malicious user do
with this pin value and why does it need to be kept secret if it's
a default value (which I suppose is the same on all Debian installations?)
Cheers,
Moritz