[Pkg-iscsi-maintainers] Bug#735773: open-iscsi: World readable CHAP credentials in iscsid.conf
Jamie Strandboge
jamie at ubuntu.com
Fri Jan 17 19:29:16 UTC 2014
Package: open-iscsi
Version: 2.0.873-3
Severity: normal
Forwarding LP: #1268240 from Ubuntu:
"/etc/iscsi/iscsid.conf is world readable but it may contain CHAP credentials.
This affects at least Precise and Saucy."
I also confirmed this on 14.04 (2.0.873-3ubuntu7). This is arguably a security
bug, but since there isn't an automated way (that I know of) to set the CHAP
credentials, the admin must edit the file manually and therefore should adjust
the permissions accordingly. That said, it might be a worthwhile hardening
measure to make the file 640.
-- System Information:
Debian Release: jessie/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.0-2-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
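
A check for the condition this report describes, as an added example that is not part of the original message or of the open-iscsi package: it flags a configuration file that is readable by "other" while it sets an active CHAP password. The key names are open-iscsi's CHAP settings from iscsid.conf, which the report does not list; the function names, sample file and credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag an iscsid.conf that holds active CHAP secrets while
# being readable by "other". Reports key names only, never the values.

# Active (uncommented) CHAP password settings in file $1.
chap_keys() {
    grep -E '^[[:space:]]*(node\.session|discovery\.sendtargets)\.auth\.password(_in)?[[:space:]]*=' "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*=.*$//'
}

# True if "other" has read permission on $1 (mode bits, not effective access).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Returns 0 = acceptable, 1 = active CHAP secrets world readable, 2 = no file.
audit_iscsid_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    if ! world_readable "$conf"; then
        echo "OK: $conf is not world readable"
        return 0
    fi
    keys=$(chap_keys "$conf" || true)
    if [ -z "$keys" ]; then
        echo "NOTE: $conf is world readable, no active CHAP password set"
        return 0
    fi
    echo "FAIL: $conf is world readable and sets: $(echo $keys)"
    echo "  fix: chmod 640 $conf"
    return 1
}

# Demo on a constructed sample file (placeholder credentials).
demo() {
    d=$(mktemp -d) && f=$d/iscsid.conf
    cat > "$f" <<'EOF'
#node.session.auth.password_in = commented_out
node.session.auth.authmethod = CHAP
node.session.auth.username = example-user
node.session.auth.password = example-secret
EOF
    chmod 644 "$f"; audit_iscsid_conf "$f" || echo "  (exit status $?)"
    chmod 640 "$f"; audit_iscsid_conf "$f"
    rm -rf "$d"
}
demo
```
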