From bccfaa1137ee987c762ed293ae738510fe54f72e Mon Sep 17 00:00:00 2001
From: Sebastian Harl
Date: Thu, 24 Jan 2013 15:51:26 +0100
Subject: [PATCH] pnp4nagios-bin: Don't use world-readable permissions for process_perfdata.cfg.

This would allow local users to read the Gearman shared key; thanks to Christoph Anton Mitterer for reporting this! Fixes CVE-2012-3457 Closes: #683879
---
 debian/changelog | 5 +++++
 debian/pnp4nagios-bin.postinst | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index dc262ce..c009762 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,11 @@ pnp4nagios (0.6.19-1) UNRELEASED; urgency=low
 * debian/nagios.cfg:
 - Unified whitespacing; thanks to Christoph Anton Mitterer for the patch (Closes: #683471).
+ * debian/pnp4nagios-bin.postinst:
+ - Don't use world-readable permissions for process_perfdata.cfg as this
+ would allow local users to read the Gearman shared key; thanks to
+ Christoph Anton Mitterer for reporting this; fixes CVE-2012-3457
+ (Closes: #683879).
 -- Sebastian Harl Thu, 24 Jan 2013 14:50:27 +0100
diff --git a/debian/pnp4nagios-bin.postinst b/debian/pnp4nagios-bin.postinst
index d3bc340..56a23ba 100644
--- a/debian/pnp4nagios-bin.postinst
+++ b/debian/pnp4nagios-bin.postinst
@@ -45,6 +45,8 @@ case "$1" in
 setperm nagios nagios 770 /var/spool/pnp4nagios/nagios
 setperm nagios nagios 770 /var/spool/pnp4nagios/npcd
+ setperm root nagios 640 /etc/pnp4nagios/process_perfdata.cfg
+
 if [ -d /etc/nagios3/conf.d/ ]; then
 if [ ! -e /etc/nagios3/conf.d/pnp4nagios.cfg ]; then
 ln -s /etc/pnp4nagios/nagios.cfg /etc/nagios3/conf.d/pnp4nagios.cfg
-- 
2.30.2
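Review bot: The added `setperm root nagios 640 /etc/pnp4nagios/process_perfdata.cfg` in debian/pnp4nagios-bin.postinst runs unconditionally, and `setperm` is defined outside this hunk, so it is not visible whether it tolerates a missing file; if it does a plain chown/chmod, a removed config file would make the postinst fail. A guard such as `[ ! -e /etc/pnp4nagios/process_perfdata.cfg ] || setperm root nagios 640 /etc/pnp4nagios/process_perfdata.cfg` would cover that. The mode is also only tightened when the maintainer script runs, so the file is presumably still unpacked world-readable first; shipping it 0640 in the package would close that window. On systems that already ran with the old mode the Gearman shared key should be treated as disclosed, which deserves a comment above this line or a NEWS entry telling admins to rotate it. The enclosing `case "$1" in` branch starts and ends outside the hunk.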