/var/lib/ufw is world readable.
Bug #393187 reported by
Steven
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ufw |
Fix Released
|
Low
|
Unassigned | ||
Bug Description
/var/lib/ufw is world readable thus exposing the current firewall setup. While not a major security flaw, it is not a good practice and makes all of the other attempts to hide the current firewall configuration pointless.
ufw version: 0.27-0ubuntu2
Related branches
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in ufw: | |
| status: | New → Confirmed |
| security vulnerability: | yes → no |
| visibility: | private → public |
| Changed in ufw: | |
| importance: | Undecided → Low |
| Changed in ufw: | |
| status: | Confirmed → Fix Committed |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #2 |
| Changed in ufw: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Thank you for using ufw and taking the time to report a bug.
This would also affect /etc/ufw, btw. Though I disagree that this is a security vulnerability (it is easy enough to figure out the general firewall policy is if you have login access to the machine). The files are world-readable for administrative purposes. That said, I do think it would be a security enhancement to make the directories 750, and plan to do that. This will give hints to distributions to chgrp the directories to an administrative group.