Bugzilla – Bug 1171658
VUL-1: CVE-2020-12831: frr: default permission issue eases information leaks
Last modified: 2020-06-04 12:02:45 UTC
Description of problem:
By default, frr creates empty configuration files, however unfortunately with too wide permissions: As per http://docs.frrouting.org/en/latest/bgp.html, /etc/frr/bgpd.conf is also meant to contain the BGP password for peerings/sessions, thus proper default permissions should be applied by frr when even creating this file for administrator convenience. Otherwise information leaks are eased.
Version-Release number of selected component (if applicable):
See above and below.
Steps to Reproduce:
1. dnf install frr
2. sed -e 's/^zebra=no/zebra=yes/' -e 's/^bgpd=no/bgpd=yes/' -i /etc/frr/daemons
3. systemctl start frr.service
4. ls -l /etc/frr/bgpd.conf
-rw-r--r--. 1 frr frr 0 May 4 01:07 /etc/frr/bgpd.conf
5. ls -ld /etc/frr/
drwxr-xr-x. 2 frr frr 4096 May 4 01:07 /etc/frr/
World-readable /etc/frr/bgpd.conf by default.
/etc/frr/bgpd.conf should be maybe 640 by default.
I did not investigate whether this is an upstream or a downstream issue, given frr.service seems to be built on an old initscript (/usr/lib/frr/frr) rather than being a modern systemd unit.
Only in TW. The fix is available at 
Applied the commit and submitted to Factory: https://build.opensuse.org/request/show/810509
Request has been approved.
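A check for the condition described in this report, as an added example (not part of the bug report or of frr's code): it lists config files with permissions wider than 640, tightens them, and shows creating an empty config file that is never world-readable. The function names, the `*.conf` pattern and the 640 target are assumptions based on the report's suggestion.

```shell
#!/bin/sh
# Added example, not frr code. Function names are hypothetical.

# List *.conf files under $1 (default /etc/frr) whose mode is wider than 640:
# any access for "other", or write/execute for the group.
frr_conf_too_wide() {
    dir=${1:-/etc/frr}
    find "$dir" -type f -name '*.conf' \
        \( -perm -004 -o -perm -002 -o -perm -001 \
           -o -perm -020 -o -perm -010 \) \
        -print | sort
}

# Set every offending file to 640 and print each file that was changed.
frr_conf_tighten() {
    dir=${1:-/etc/frr}
    frr_conf_too_wide "$dir" | while IFS= read -r f; do
        chmod 640 "$f" && printf 'tightened %s\n' "$f"
    done
}

# Create an empty config file with mode 640 from the start: the umask is
# set in a subshell before the file exists, so there is no window in which
# the file is world-readable. An already existing file keeps its mode.
frr_conf_create() {
    ( umask 027 && : > "$1" )
}
```

Run `frr_conf_too_wide` with no argument to check /etc/frr; an empty result means no config file there is wider than 640.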