Bug#285989: exim4-config: Creates world-readable config file

Stephen Gran Stephen Gran <sgran@debian.org>, 285989@bugs.debian.org
Thu, 16 Dec 2004 14:07:59 -0500 

--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: exim4-config
Version: 4.34-9
Severity: normal

-rw-r--r--  1 root Debian-exim 10783 2004-12-11 12:58 config.autogenerated

That seems less than ideal, especially given that things like sql
passwords can be stored in it.  Since upstream has the hide option for
things just like that, it seems that they also do not encourage this
file to be world-readable.

Thanks,

-- Package-specific info:
Exim version 4.34 #1 built 07-Dec-2004 13:59:38
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch n=
is nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype=3D'smarthost'
dc_other_hostnames=3D''
dc_local_interfaces=3D'127.0.0.1'
dc_readhost=3D''
dc_relay_domains=3D''
dc_minimaldns=3D'false'
dc_relay_nets=3D''
dc_smarthost=3D'mail.lobefin.net'
CFILEMODE=3D'644'
dc_use_split_config=3D'true'
dc_hide_mailname=3D'false'
mailname:gashuffer.lobefin.net

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686-smp
Locale: LANG=3DC, LC_CTYPE=3Den_US.ISO-8859-15 (charmap=3DISO-8859-15) (ign=
ored: LC_ALL set to en_US.ISO-8859-15)

Versions of packages exim4-config depends on:
ii  adduser                     3.59         Add and remove users and groups
ii  debconf [debconf-2.0]       1.4.41       Debian configuration managemen=
t sy
ii  passwd                      1:4.0.3-30.4 Change and administer password=
 and

-- debconf information:
* exim4/dc_smarthost: mail.lobefin.net
* exim4/dc_relay_domains:
  exim4/exim3_upgrade: true
* exim4/dc_eximconfig_configtype: mail sent by smarthost; received via SMTP=
 or fetchmail
  exim4/dc_readhost:
  exim4/exim4-config-title:
  exim4/dc_noalias_regenerate: false
* exim4/dc_relay_nets:
* exim4/mailname: gashuffer.lobefin.net
* exim4/dc_local_interfaces: 127.0.0.1
* exim4/dc_minimaldns: false
* exim4/dc_other_hostnames:
  exim4/no_config: true
* exim4/hide_mailname: false
* exim4/dc_postmaster: steve@lobefin.net
* exim4/use_split_config: true

--=20
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

--OgqxwSJOaUobr8KG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBwd0OSYIMHOpZA44RAkL4AJwP10CVGMCasJcPUUK3Nu4YNbZPJwCZAT46
my8LLXcdchRvk5d5O27r5Pg=
=iKmc
-----END PGP SIGNATURE-----

--OgqxwSJOaUobr8KG--