Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#67516 - [geoipupdate] GeoIP.conf should not be world readable as it contains confidential license keys
Attached to Project:
Community Packages
Opened by AMM (amish) - Friday, 07 August 2020, 03:27 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Sunday, 09 August 2020, 15:57 GMT
Opened by AMM (amish) - Friday, 07 August 2020, 03:27 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Sunday, 09 August 2020, 15:57 GMT
|
DetailsDescription:
GeoIP.conf file contains confidential license key (can be free / can be paid - $1200 per year!). Hence the file should not be world readable by default. Otherwise admin oversight can lead to expensive license key getting leaked to all users having access to the system. Please change it to 0600 by default instead of 0644. Thank you Additional info: * package version(s) Any * config and/or log files etc. /etc/GeoIP.conf |
This task depends upon
Closed by Massimiliano Torromeo (mtorromeo)
Sunday, 09 August 2020, 15:57 GMT
Reason for closing: Fixed
Additional comments about closing: geoipupdate-4.3.0-3
Sunday, 09 August 2020, 15:57 GMT
Reason for closing: Fixed
Additional comments about closing: geoipupdate-4.3.0-3