Bug 114383

Summary: /etc/racoon/psk.txt is 0644, should be 0600
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Michal Marek <mmarek>
Component: NetworkAssignee: Jiri Bohac <jbohac>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Beta 3   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
Whiteboard:
Found By: Component Test Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Michal Marek 2005-08-31 12:19:51 UTC 
/etc/racoon/psk.txt in ipsec-tools has mode 0644, if the user doesn't
change this, racoon complains when setting up the tunnel:

Aug 31 13:56:58 linux racoon: INFO: respond new phase 1 negotiation:
192.168.3.1[500]<=>192.168.3.2[500]
Aug 31 13:56:58 linux racoon: INFO: begin Identity Protection mode.
Aug 31 13:56:58 linux racoon: INFO: received Vendor ID: DPD
Aug 31 13:56:58 linux racoon: ERROR: /etc/racoon/psk.txt has weak file permission
Aug 31 13:56:58 linux racoon: ERROR: failed to open pre_share_key file
/etc/racoon/psk.txt
Aug 31 13:56:58 linux racoon: ERROR: couldn't find the pskey for 192.168.3.2.
Aug 31 13:56:58 linux racoon: ERROR: failed to process packet.
Aug 31 13:56:58 linux racoon: ERROR: phase1 negotiation failed.

BTW I checked two other distributions and they install psk.txt with mode 0600.
Comment 1 Jiri Bohac 2005-08-31 15:20:56 UTC 
Just submited the fixed package to autobuild.
Comment 2 Jiri Bohac 2005-09-01 07:53:12 UTC 
The fixed package has been checked into autobuild.