[pkg-wpa-devel] Bug#779585: hostapd: config file permission possible security issue
Pol Hallen
polhallen at fuckaround.org
Mon Mar 2 18:06:40 UTC 2015
Package: hostapd
Version: 1:1.0-3+deb7u1
Severity: minor
Hello :-)
standard installation of hostapd creates /etc/hostapd/hostapd.conf with these permissions:
-rwxr-xr-x 1 root root 230 Feb 28 21:19 hostapd.conf
this configuration permits any users to reads this file and ALSO wifi password
thanks
Pol
-- System Information:
Debian Release: 7.8
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages hostapd depends on:
ii initscripts 2.88dsf-41+deb7u1
ii libc6 2.13-38+deb7u8
ii libnl-3-200 3.2.7-4
ii libnl-genl-3-200 3.2.7-4
ii libssl1.0.0 1.0.1e-2+deb7u14
ii lsb-base 4.1+Debian8+deb7u1
hostapd recommends no packages.
hostapd suggests no packages.
-- Configuration Files:
/etc/default/hostapd changed:
DAEMON_CONF="/etc/hostapd/hostapd.conf /etc/hostapd/hostapd2.conf"
-- no debconf information
More information about the Pkg-wpa-devel
mailing list