ubuntu-translations-coordinators team mailing list archive

Thread
Date

[Bug 1938442] [NEW] Wrong permissions on ~/.hplip/.gnupg

To: ubuntu-translations-coordinators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1938442@xxxxxxxxxxxxxxxxxx>
Date: Tue, 02 Nov 2021 06:04:18 -0000
Reply-to: Bug 1938442 <1938442@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

You have been subscribed to a public bug:

[Impact]
* The directory ~/.hplip/.gnupg is readable by non-root users
* This directory contains only public keys, but should still
  have the permissions changed to 700 for privacy reasons

[Test Case]
* Install hplip and run `hp-plugin -i` 
* ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwxr-xr-x
* rm -rf ~/.hplip and install hplip from -proposed
* run `hp-plugin -i` again
* ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwx------

[Regression Potential]
* Because of file permissions becoming more restrictive,
  it is possible that some other hplip binaries would
  fail to read the .gnupg directory
* To ensure this isn't the case, testing should be done
  on different hplip use-cases to ensure they still
  function properly

[Original Description]
Hi,

we have a report in Fedora -
https://bugzilla.redhat.com/show_bug.cgi?id=1985251 - where Sergey found
out that ~/.hplip/.gnupg directory has permissions 755 instead of 700.
Perms 700 prevent accessing the dir by other users, because the dir can
contain private keys.

However, .gnupg dir contains only a public key used in GPG verification
of HP plugin, so the matter isn't that critical, but it is good to have
it fixed.

The patch is attached.

** Affects: ubuntu-translations
     Importance: Undecided
         Status: New

** Affects: hplip (Ubuntu)
     Importance: Undecided
     Assignee: Till Kamppeter (till-kamppeter)
         Status: New

** Affects: hplip (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Affects: hplip (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Affects: hplip (Ubuntu Hirsute)
     Importance: Undecided
         Status: New

** Affects: hplip (Ubuntu Impish)
     Importance: Undecided
         Status: New

** Affects: hplip (Ubuntu Jammy)
     Importance: Undecided
     Assignee: Till Kamppeter (till-kamppeter)
         Status: New


** Tags: patch
-- 
Wrong permissions on ~/.hplip/.gnupg
https://bugs.launchpad.net/bugs/1938442
You received this bug notification because you are a member of Ubuntu Translations Coordinators, which is subscribed to Ubuntu Translations.