[Pkg-dns-devel] Bug#849156: Bug#849156: softhsm2-common: consider opening up permissions on /etc/softhsm

[Ondřej Surý]

Control: tags -1 +moreinfo

Hi Mike,

could you explain what is the use case to have more relaxed permissions?

Cheers,
-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Fri, Dec 23, 2016, at 01:42, Mike Miller wrote:
> Package: softhsm2-common
> Version: 2.2.0-1
> Severity: wishlist
> 
> Dear Maintainer,
> 
> The file permissions on /etc/softhsm and /etc/softhsm/softhsm2.conf seem
> overly restrictive. There is only one file in the directory, and the
> contents of the file (by default) are identical to the file
> /usr/share/softhsm/softhsm2.conf, which is readable by anyone.
> 
> I guess that creating a group to restrict access to tokens under
> /var/lib/softhsm makes sense, but there doesn't seem to be a reason to
> restrict access to the default config file that simply points to that
> directory.
> 
> Thanks for your consideration!
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing
>   APT policy: (900, 'testing'), (800, 'unstable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.8.0-1-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages softhsm2-common depends on:
> ii  ucf  3.0036
> 
> softhsm2-common recommends no packages.
> 
> softhsm2-common suggests no packages.
> 
> -- no debconf information
> 
> _______________________________________________
> pkg-dns-devel mailing list
> pkg-dns-devel at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-dns-devel