Remove nm-l2tp-hide-secrets-948194.patch (was already fixed)

9e8a93fc · CeRiAl · 83bebbc1 · 83bebbc1
Commit 9e8a93fc authored Mar 27, 2015 by CeRiAl
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 41 deletions

nm-l2tp-hide-secrets-948194.patch patches/nm-l2tp-hide-secrets-948194.patch +0 -41

No files found.
--- a/patches/nm-l2tp-hide-secrets-948194.patch
+++ b/patches/nm-l2tp-hide-secrets-948194.patch
-When nm-l2tp-service creates a temporary file to hold the secret key
-for an IPsec connection, the file it creates is world-readable!  Even
-though the file persists for a short time, this is clearly a security
-risk.
-
-This patch changes the umask so that the temp file will be accessible
-only to root.
-
- src/nm-l2tp-service.c |    4 ++++
- 1 file changed, 4 insertions(+)
-
-Index: NetworkManager-l2tp-0.9.8.7/src/nm-l2tp-service.c
-===================================================================
--- NetworkManager-l2tp-0.9.8.7.orig/src/nm-l2tp-service.c
-+++ NetworkManager-l2tp-0.9.8.7/src/nm-l2tp-service.c
-@@ -888,6 +888,7 @@ nm_l2tp_start_ipsec(NML2tpPlugin *plugin
- 	char session_name[128];
- 	guint sys=0;
- 	FILE *fp;
-+	mode_t orig_umask;
- 
- 	if (!(ipsec_binary=nm_find_ipsec())) {
- 		g_set_error (error,
-@@ -938,7 +939,9 @@ nm_l2tp_start_ipsec(NML2tpPlugin *plugin
- 		return FALSE;
- 	}
- 
-+	orig_umask = umask(0077);
- 	if(!(fp=fopen("/etc/ipsec.secrets","w"))) {
-+		umask(orig_umask);
- 		rename(tmp_secrets, "/etc/ipsec.secrets");
- 		g_set_error (error,
- 		             NM_VPN_PLUGIN_ERROR,
-@@ -957,6 +960,7 @@ nm_l2tp_start_ipsec(NML2tpPlugin *plugin
- 	if(!value)value="";
- 	fprintf(fp, ": PSK \"%s\"\n",value);
- 	fclose(fp);
-+	umask(orig_umask);
- 
- 	sys += system("PATH=\"/sbin:/usr/sbin:/usr/local/sbin:$PATH\" ipsec secrets");
- 	sys += system(cmd11);