oss-sec mailing list archives
Re: Re: Question about world readable config files and commented warnings
From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 30 Jun 2015 11:04:04 -0700
On Tue, Jun 30, 2015 at 10:32:56AM -0600, Kurt Seifried wrote:
Ok, so does a situation where the author creates the config file with that warning, and then a vendor repackages and ships it, still world readable, still with the warning, warrant a CVE?
Did the vendor also fill in a password? If so, that's worth a CVE to me. If not, then it's still on the end user to decide if the hypothetical database needs a password, and if so, if the configuration file needs to be closed down to protect the password. Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Question about world readable config files and commented warnings Kurt Seifried (Jun 29)
- Re: Question about world readable config files and commented warnings gremlin (Jun 29)
- Re: Question about world readable config files and commented warnings Kurt Seifried (Jun 30)
- Re: Question about world readable config files and commented warnings vladz (Jun 30)
- Re: Question about world readable config files and commented warnings Seth Arnold (Jun 30)
- Re: Question about world readable config files and commented warnings Kurt Seifried (Jun 30)
- Re: Question about world readable config files and commented warnings gremlin (Jun 29)
- Re: Question about world readable config files and commented warnings cve-assign (Jun 30)
- Re: Question about world readable config files and commented warnings Kurt Seifried (Jun 30)
- Re: Re: Question about world readable config files and commented warnings Seth Arnold (Jun 30)
- Re: Question about world readable config files and commented warnings cve-assign (Jun 30)
- Re: Question about world readable config files and commented warnings Kurt Seifried (Jun 30)
- Re: Question about world readable config files and commented warnings cve-assign (Jun 30)
- Re: Question about world readable config files and commented warnings Kurt Seifried (Jun 30)