[OpenWrt-Devel] Wrong file permissions on SquashFS
saso.linux at astim.si
Wed Dec 10 16:16:05 EST 2014
I've been checking some images and it seems some files have wrong
permissions on SquashFS images while the package itself has files with
Take AA rootfs for example, generic/openwrt-ar71xx-generic-rootfs.tar.gz:
/etc/ppp/chap-secrets root root 41 Mar 23 2013
When the file should be 0600 and actually is 0600 inside the
ppp_2.4.5-8_ar71xx.ipk. The same is with BB
openwrt-x86-generic-Generic-rootfs.tar.gz, /etc/ppp/chap-secrets is 0644.
For some reason /etc/shadow always has correct 0600 permissions.
Wrong permission on chap-secrets causes pppd to print a warning 'Warning -
secret file /etc/ppp/chap-secrets has world and/or group access'.
A bigger problem however are wrong permissions on /etc/racoon/psk.txt
(ipsec-tools) for example, where racoon will fail to authenticate psk
because the file is world readable. This presents a problem since the
administrator needs to correct the permissions before ipsec is usable even
when a custom-secret psk.txt is already shipped with the firmware image.
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel