Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <53A3C917.10002@redhat.com>
Date: Fri, 20 Jun 2014 15:39:35 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: possible CVE request: opendnssec and softhsm permission issue

Good morning,

Not sure if this requires a CVE. 
https://bugzilla.redhat.com/show_bug.cgi?id=1098188 notes some 
permission errors for files in /var/softhsm/ and /var/opendnssec/

Two notes:

1) after installing those packages on Fedora 20, the directory 
permissions for those directories is mode 770 root:ods, so an 
unprivileged user cannot go in there.

2) the proposed fix in the Red Hat bug is about making certain files 
owned by "ods" instead of "root". It does not mention removing read 
permissions for other users.

I do not see a leak here, but am not familiar with opendnssec and softhsm.

It may have been filed as a security issue here due to 
https://issues.opendnssec.org/browse/SUPPORT-136 (as noted in the bug). 
I'll mail about that one shortly.

Thanks,

--
Murray McAllister / Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.