2021-07-29 12:02:35 |
zdohnal |
bug |
|
|
added bug |
2021-07-29 12:02:35 |
zdohnal |
attachment added |
|
Proposed patch https://bugs.launchpad.net/bugs/1938442/+attachment/5514599/+files/hplip-gpgdir-perms.patch |
|
2021-07-29 12:02:51 |
zdohnal |
bug task added |
|
hplip (Ubuntu) |
|
2021-07-29 12:03:27 |
zdohnal |
bug watch added |
|
https://bugzilla.redhat.com/show_bug.cgi?id=1985251 |
|
2021-07-29 12:03:27 |
zdohnal |
bug task added |
|
fedora |
|
2021-07-29 12:30:25 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2021-07-29 12:30:34 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
2021-07-30 06:50:08 |
Till Kamppeter |
bug |
|
|
added subscriber Didier Raboud |
2021-10-31 23:39:12 |
William Wilson |
description |
Hi,
we have a report in Fedora - https://bugzilla.redhat.com/show_bug.cgi?id=1985251 - where Sergey found out that ~/.hplip/.gnupg directory has permissions 755 instead of 700. Perms 700 prevent accessing the dir by other users, because the dir can contain private keys.
However, .gnupg dir contains only a public key used in GPG verification of HP plugin, so the matter isn't that critical, but it is good to have it fixed.
The patch is attached. |
[Impact]
* The directory ~/.hplip/.gnupg is readable by non-root users
* This directory contains only public keys, but should still
have the permissions changed to 700 for privacy reasons
[Test Case]
* Install hplip and run `hp-plugin -i`
* ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwxr-xr-x
* rm -rf ~/.hplip and install hplip from -proposed
* run `hp-plugin -i` again
* ls -al ~/.hplip and observe that ~/.hplip/.gnupg has perms drwx------
[Regression Potential]
* Because of file permissions becoming more restrictive,
it is possible that some other hplip binaries would
fail to read the .gnupg directory
* To ensure this isn't the case, testing should be done
on different hplip use-cases to ensure they still
function properly
[Original Description]
Hi,
we have a report in Fedora - https://bugzilla.redhat.com/show_bug.cgi?id=1985251 - where Sergey found out that ~/.hplip/.gnupg directory has permissions 755 instead of 700. Perms 700 prevent accessing the dir by other users, because the dir can contain private keys.
However, .gnupg dir contains only a public key used in GPG verification of HP plugin, so the matter isn't that critical, but it is good to have it fixed.
The patch is attached. |
|
2021-10-31 23:39:35 |
William Wilson |
attachment added |
|
Jammy debdiff https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537374/+files/lp1938442_jammy.debdiff |
|
2021-10-31 23:40:00 |
William Wilson |
attachment added |
|
Impish debdiff https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537375/+files/lp1938442_impish.debdiff |
|
2021-10-31 23:40:03 |
William Wilson |
attachment added |
|
Impish debdiff https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537376/+files/lp1938442_impish.debdiff |
|
2021-10-31 23:40:28 |
William Wilson |
attachment added |
|
Hirsute debdiff https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537377/+files/lp1938442_hirsute.debdiff |
|
2021-10-31 23:40:51 |
William Wilson |
attachment added |
|
Focal debdiff https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537378/+files/lp1938442_focal.debdiff |
|
2021-10-31 23:41:13 |
William Wilson |
attachment added |
|
Bionic debdiff https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537379/+files/lp1938442_bionic.debdiff |
|
2021-11-01 09:42:24 |
Sebastien Bacher |
hplip (Ubuntu): assignee |
|
Till Kamppeter (till-kamppeter) |
|
2021-11-01 09:43:30 |
Sebastien Bacher |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2021-11-01 14:57:08 |
William Wilson |
attachment added |
|
Impish debdiff https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537487/+files/lp1938442_impish.debdiff |
|
2021-11-01 14:57:37 |
William Wilson |
attachment added |
|
Bionic debdiff https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1938442/+attachment/5537488/+files/lp1938442_bionic.debdiff |
|
2021-11-01 14:57:56 |
William Wilson |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2021-11-01 15:00:14 |
Till Kamppeter |
hplip (Ubuntu): milestone |
|
impish-updates |
|
2021-11-01 15:01:19 |
Till Kamppeter |
hplip (Ubuntu): milestone |
impish-updates |
focal-updates |
|
2021-11-01 15:01:45 |
Till Kamppeter |
nominated for series |
|
Ubuntu Jammy |
|
2021-11-01 15:01:45 |
Till Kamppeter |
bug task added |
|
hplip (Ubuntu Jammy) |
|
2021-11-01 15:01:45 |
Till Kamppeter |
nominated for series |
|
Ubuntu Hirsute |
|
2021-11-01 15:01:45 |
Till Kamppeter |
bug task added |
|
hplip (Ubuntu Hirsute) |
|
2021-11-01 15:01:45 |
Till Kamppeter |
nominated for series |
|
Ubuntu Bionic |
|
2021-11-01 15:01:45 |
Till Kamppeter |
bug task added |
|
hplip (Ubuntu Bionic) |
|
2021-11-01 15:01:45 |
Till Kamppeter |
nominated for series |
|
Ubuntu Impish |
|
2021-11-01 15:01:45 |
Till Kamppeter |
bug task added |
|
hplip (Ubuntu Impish) |
|
2021-11-01 15:01:45 |
Till Kamppeter |
nominated for series |
|
Ubuntu Focal |
|
2021-11-01 15:01:45 |
Till Kamppeter |
bug task added |
|
hplip (Ubuntu Focal) |
|
2021-11-01 15:02:08 |
Till Kamppeter |
hplip (Ubuntu Jammy): milestone |
focal-updates |
|
|
2021-11-02 06:01:31 |
Mathew Hodson |
fedora: importance |
Unknown |
Undecided |
|
2021-11-02 06:01:31 |
Mathew Hodson |
fedora: status |
Unknown |
New |
|
2021-11-02 06:01:31 |
Mathew Hodson |
fedora: remote watch |
Red Hat Bugzilla #1985251 |
|
|
2021-11-02 06:02:52 |
Mathew Hodson |
affects |
fedora |
ubuntu-translations |
|
2021-11-02 06:03:31 |
Mathew Hodson |
bug task deleted |
ubuntu-translations |
|
|
2021-11-02 06:03:48 |
Mathew Hodson |
bug watch removed |
https://bugzilla.redhat.com/show_bug.cgi?id=1985251 |
|
|
2021-11-02 06:04:16 |
Mathew Hodson |
affects |
hplip |
ubuntu-translations |
|
2021-11-02 06:04:29 |
Mathew Hodson |
bug task deleted |
ubuntu-translations |
|
|
2021-11-10 01:05:59 |
Mathew Hodson |
hplip (Ubuntu Bionic): importance |
Undecided |
Low |
|
2021-11-10 01:06:01 |
Mathew Hodson |
hplip (Ubuntu Focal): importance |
Undecided |
Low |
|
2021-11-10 01:06:04 |
Mathew Hodson |
hplip (Ubuntu Hirsute): importance |
Undecided |
Low |
|
2021-11-10 01:06:06 |
Mathew Hodson |
hplip (Ubuntu Impish): importance |
Undecided |
Low |
|
2021-11-10 01:06:08 |
Mathew Hodson |
hplip (Ubuntu Jammy): importance |
Undecided |
Low |
|
2021-11-19 19:23:56 |
Brian Murray |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2021-12-07 15:25:14 |
Sebastien Bacher |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2021-12-07 15:25:23 |
Sebastien Bacher |
hplip (Ubuntu Hirsute): status |
New |
Won't Fix |
|
2021-12-07 15:25:51 |
Sebastien Bacher |
hplip (Ubuntu Impish): assignee |
|
William Wilson (jawn-smith) |
|
2021-12-07 15:26:12 |
Sebastien Bacher |
hplip (Ubuntu Focal): assignee |
|
William Wilson (jawn-smith) |
|
2021-12-07 15:26:20 |
Sebastien Bacher |
hplip (Ubuntu Bionic): assignee |
|
William Wilson (jawn-smith) |
|
2021-12-09 16:21:05 |
Till Kamppeter |
bug |
|
|
added subscriber Thorsten Alteholz |
2022-03-08 15:52:26 |
Sebastien Bacher |
hplip (Ubuntu Bionic): status |
New |
Won't Fix |
|
2022-03-08 15:52:29 |
Sebastien Bacher |
hplip (Ubuntu Focal): status |
New |
Won't Fix |
|
2022-03-08 15:52:31 |
Sebastien Bacher |
hplip (Ubuntu Impish): status |
New |
Won't Fix |
|
2023-06-05 09:25:59 |
Julian Andres Klode |
removed subscriber Ubuntu Sponsors |
|
|
|
2023-06-05 09:27:07 |
Julian Andres Klode |
hplip (Ubuntu Jammy): status |
New |
Won't Fix |
|
2023-06-05 09:27:10 |
Julian Andres Klode |
hplip (Ubuntu): status |
New |
Won't Fix |
|