FS#62491 - [matterbridge] Config in /etc/ with cleartext passwords is readable by any user
Attached to Project:
Community Packages
Opened by Dmitry V. Luciv (dluciv) - Saturday, 27 April 2019, 16:12 GMT
Last edited by Justin Kromlinger (hashworks) - Sunday, 05 December 2021, 15:39 GMT
Details
Description:
Config in /etc/ with cleartext passwords is readable by all users logged in. I suggest making matterbridge (both the user and the group) the owner of it and making it not readable by others.
Additional info:
* package version(s) 1.14.4-1, but this likely does not matter
Closed by Justin Kromlinger (hashworks)
Sunday, 05 December 2021, 15:39 GMT
Reason for closing: Fixed
Could you do the following?
0. Stop the running matterbridge if any.
1. Edit the systemd matterbridge.service file on your system, replacing `ExecStart=/usr/bin/matterbridge -conf /etc/matterbridge.toml` by `ExecStart=/usr/bin/matterbridge -conf /etc/matterbridge/matterbridge.toml` and adding `ConfigurationDirectory=matterbridge`.
2. Move `/etc/matterbridge.toml` to `/etc/matterbridge/matterbridge.toml`, make sure the folder is root:root 755 or 700, and the config file within root:root 600.
3. Start matterbridge and verify if it was able to read its configuration file.
However, another idea could be to copy the configuration file to a temporary place only accessible to this user, and change the permissions. Something like StateDirectory could be used for this. I’ll try to work something out.
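A read-only check for the layout requested in step 2 of the comment above, as an added example that is not part of the original thread or the package. The function name `check_conf_perms` and its optional `OWNER:GROUP` argument are assumptions, and it needs GNU `stat`.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the matterbridge package).
# check_conf_perms FILE [OWNER:GROUP]
#   Audits the layout from step 2: FILE must be mode 600, its directory
#   755 or 700, both owned by OWNER:GROUP (default root:root).
#   Returns 0 = matches, 1 = at least one finding, 2 = not a regular file.
check_conf_perms() {
    conf=$1
    want=${2:-root:root}
    dir=$(dirname -- "$conf")
    rc=0

    # Refuse symlinks so the modes reported belong to the file itself.
    if [ ! -f "$conf" ] || [ -L "$conf" ]; then
        echo "ERROR: $conf is not a regular file" >&2
        return 2
    fi

    fmode=$(stat -c '%a' -- "$conf")
    dmode=$(stat -c '%a' -- "$dir")
    fowner=$(stat -c '%U:%G' -- "$conf")
    downer=$(stat -c '%U:%G' -- "$dir")

    # The file holds cleartext passwords: owner read/write only.
    if [ "$fmode" != 600 ]; then
        echo "FAIL: $conf mode is $fmode, expected 600"
        rc=1
    fi
    # The directory may be listable (755) or private (700), never group/world-writable.
    case $dmode in
        755|700) ;;
        *) echo "FAIL: $dir mode is $dmode, expected 755 or 700"; rc=1 ;;
    esac
    if [ "$fowner" != "$want" ]; then
        echo "FAIL: $conf owned by $fowner, expected $want"
        rc=1
    fi
    if [ "$downer" != "$want" ]; then
        echo "FAIL: $dir owned by $downer, expected $want"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}
# Usage: check_conf_perms /etc/matterbridge/matterbridge.toml
```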