[OpenWrt-Devel] Wrong file permissions on SquashFS

Saso Slavicic saso.linux at astim.si
Wed Dec 10 16:16:05 EST 2014


I've been checking some images and it seems some files have wrong
permissions on SquashFS images while the package itself has files with
correct permissions.

Take AA rootfs for example,  generic/openwrt-ar71xx-generic-rootfs.tar.gz:

/etc/ppp/chap-secrets		root	root      41	Mar 23  2013

When the file should be 0600 and actually is 0600 inside the
ppp_2.4.5-8_ar71xx.ipk. The same is with BB
openwrt-x86-generic-Generic-rootfs.tar.gz, /etc/ppp/chap-secrets is 0644.
For some reason /etc/shadow always has correct 0600 permissions.

Wrong permission on chap-secrets causes pppd to print a warning 'Warning -
secret file /etc/ppp/chap-secrets has world and/or group access'.
A bigger problem however are wrong permissions on /etc/racoon/psk.txt
(ipsec-tools) for example, where racoon will fail to authenticate psk
because the file is world readable. This presents a problem since the
administrator needs to correct the permissions before ipsec is usable even
when a custom-secret psk.txt is already shipped with the firmware image.

Regards, Alex
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list