Bug 114383 - /etc/racoon/psk.txt is 0644, should be 0600
Summary: /etc/racoon/psk.txt is 0644, should be 0600
Status: RESOLVED FIXED
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: Network (show other bugs)
Version: Beta 3
Hardware: Other Linux
: P5 - None : Normal
Target Milestone: ---
Assignee: Jiri Bohac
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-31 12:19 UTC by Michal Marek
Modified: 2005-09-01 07:53 UTC (History)
0 users

See Also:
Found By: Component Test
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michal Marek 2005-08-31 12:19:51 UTC 
/etc/racoon/psk.txt in ipsec-tools has mode 0644, if the user doesn't
change this, racoon complains when setting up the tunnel:

Aug 31 13:56:58 linux racoon: INFO: respond new phase 1 negotiation:
192.168.3.1[500]<=>192.168.3.2[500]
Aug 31 13:56:58 linux racoon: INFO: begin Identity Protection mode.
Aug 31 13:56:58 linux racoon: INFO: received Vendor ID: DPD
Aug 31 13:56:58 linux racoon: ERROR: /etc/racoon/psk.txt has weak file permission
Aug 31 13:56:58 linux racoon: ERROR: failed to open pre_share_key file
/etc/racoon/psk.txt
Aug 31 13:56:58 linux racoon: ERROR: couldn't find the pskey for 192.168.3.2.
Aug 31 13:56:58 linux racoon: ERROR: failed to process packet.
Aug 31 13:56:58 linux racoon: ERROR: phase1 negotiation failed.

BTW I checked two other distributions and they install psk.txt with mode 0600.
Comment 1 Jiri Bohac 2005-08-31 15:20:56 UTC 
Just submited the fixed package to autobuild.
Comment 2 Jiri Bohac 2005-09-01 07:53:12 UTC 
The fixed package has been checked into autobuild.