/var/lib/ufw is world readable.
Bug #393187 reported by Steven
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ufw | Fix Released | Low | Unassigned |
Bug Description
/var/lib/ufw is world readable thus exposing the current firewall setup. While not a major security flaw, it is not a good practice and makes all of the other attempts to hide the current firewall configuration pointless.
ufw version: 0.27-0ubuntu2
Changed in ufw: status: Confirmed → Fix Committed
Thank you for using ufw and taking the time to report a bug.
This would also affect /etc/ufw, btw. Though I disagree that this is a security vulnerability (it is easy enough to figure out what the general firewall policy is if you have login access to the machine). The files are world-readable for administrative purposes. That said, I do think it would be a security enhancement to make the directories 750, and plan to do that. This will give hints to distributions to chgrp the directories to an administrative group.
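
One way to check for the condition this report describes and apply the 750 mode proposed in the comment, as an added example that is not part of the original bug thread or of ufw itself. The function names, the `--audit` switch and the `ADMIN_GROUP` variable are assumptions, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not ufw code): find ufw directories that grant any permission
# to "other" and optionally apply the 750 mode proposed in the comment above.

# Print the octal mode of a path (GNU stat, as shipped on Ubuntu).
mode_of() {
    stat -c '%a' -- "$1"
}

# Return 0 if "other" holds any of r/w/x on the path, 1 if not, 2 on error.
other_has_access() {
    m=$(mode_of "$1") || return 2
    # The lowest octal digit of the mode is the permission set for "other".
    [ "$((0$m & 07))" -ne 0 ]
}

# Print one status line per argument; return the count of open directories.
audit_dirs() {
    bad=0
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            echo "SKIP  $d (not a directory)"
        elif other_has_access "$d"; then
            echo "OPEN  $d mode=$(mode_of "$d")"
            bad=$((bad + 1))
        else
            echo "OK    $d mode=$(mode_of "$d")"
        fi
    done
    return "$bad"
}

# Set mode 750; ADMIN_GROUP is a hypothetical variable naming the
# administrative group to chgrp to (left alone when unset).
tighten_dir() {
    chmod 750 -- "$1" || return 1
    if [ -n "${ADMIN_GROUP:-}" ]; then
        chgrp -- "$ADMIN_GROUP" "$1"
    fi
}

# Hypothetical switch: run the audit on the two directories named in the bug.
if [ "${1:-}" = "--audit" ]; then
    audit_dirs /etc/ufw /var/lib/ufw
fi
```

With mode 750 and root ownership, members of the directory's group can still read the rules, so the group chosen for `ADMIN_GROUP` decides who keeps that visibility.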