Bug#390035: [Pkg-bluetooth-maintainers] Bug#390035: bluez-utils pin
file readable by all
Marcel Holtmann
marcel at holtmann.org
Mon Oct 9 13:22:49 UTC 2006
Hi Filippo,
> > In most cases, this is just a minor bug. At least having a default pin
> > and 'pairing multi' on by default are much bigger issues, but it's a
> > security related deviation from upstream. I would like to see this fixed.
>
> From what I can tell, when the user reaches the point where he cares about not
> having a default pin he can even change permissions. My rationale being that
> bluetooth is not meant to be used in an hostile environment, moreover the
> security features are rather "weak" FWIW.
> I would like to hear upstream opinion though.
starting with bluez-utils-3.7 we are using "security user" as default
and this means we will always ask the passkey agent. If no agent is
registered, then the connection will be rejected.
Regards
Marcel
More information about the Pkg-bluetooth-maintainers
mailing list