Bugtraq mailing list archives

Re: Wvdial insecure conf?


From: Stefan Riegelnik <sriegelnik () netway at>
Date: Thu, 2 Aug 2001 02:22:40 +0200 (CEST)

On Wed, 1 Aug 2001, Qlo wrote:

> I've compiled and installed wvdial (a dialer for dial up connection) and the
> program wvdialconf generates a file called wvdial.conf.
> In this file: AT strings, username, pass and other settings like
> /etc/ppp/options.
> But now the problem, with ls -l
>
> -rw-r--r-- 1 root root 335 Aug 1 18:21 wvdial.conf

I do not think so - I think it depends on the permissions of the wvdial.conf, as

[from the man-page of wvdialconf]

       It  is  safe  to  run  wvdialconf if a configuration file already exists.  In that case, only the
       Modem, Baud, Init, and Init2 options are changed in the [Dialer Defaults] section,  and  only  if
       autodetection is successful.

and

root@wnerie /etc# ls -l wvdial.conf
-rw-------    1 root     root          300 Aug  2 02:08 /etc/wvdial.conf

root@wnerie /etc# wvdialconf /etc/wvdial.conf
Scanning your serial ports for a modem.

[...snipp...]

root@wnerie /etc# ls -l wvdial.conf
-rw-------    1 root     root          300 Aug  2 02:10 wvdial.conf


If the file does not exist, the permissions of the file created are 600

root@wnerie /# wvdialconf /tmp/testbuq

[...snipp...]

root@wnerie /tmp# ls -al testbuq
-rw-------    1 root     root          205 Aug  2 02:07 testbuq
root@wnerie /tmp# cat testbuq


[ Tested on Redhat 6.0, 2.2.19, WvDial 1.41 ]

Regards, Stefan

-- 
stefan riegelnik              mailto:sriegelnik () netway at
Whatever occurs from love is always beyond good and evil.
                -- Friedrich Nietzsche
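
Added example, not part of the original post or of WvDial: a small POSIX shell audit for the condition discussed in this thread, a config file holding dial-up credentials that group or other can read. The helper names, the sample file contents and the script name audit.sh are constructed for illustration; Username and Password are the wvdial.conf keys it looks for.

```shell
#!/bin/sh
# Added example: audit a wvdial-style config for credentials readable by
# group or other. Helper names and sample values are constructed.

# Write a constructed sample config under the given umask (022 -> 644, 077 -> 600).
make_sample() {
    (
        umask "$2"
        cat > "$1" <<'EOF'
[Dialer Defaults]
Modem = /dev/ttyS0
Baud = 57600
Init = ATZ
Username = example-user
Password = example-secret
EOF
    )
}

# Group/other permission characters as shown by ls -l, e.g. "r--r--" for 644.
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# True if the file carries a Username or Password setting.
has_credentials() {
    grep -Eiq '^[[:space:]]*(Username|Password)[[:space:]]*=' -- "$1"
}

# Prints "ok", "exposed" or "missing"; exit status is 0 only for "ok".
audit_conf() {
    if [ ! -f "$1" ]; then echo missing; return 2; fi
    if has_credentials "$1" && [ "$(group_other_bits "$1")" != "------" ]; then
        echo exposed; return 1
    fi
    echo ok
}

# Restrict the file to owner read/write, the mode wvdialconf used above.
tighten_conf() {
    chmod 600 -- "$1"
}

# Usage: sh audit.sh /etc/wvdial.conf
if [ "$#" -gt 0 ]; then audit_conf "$1"; fi
```

Because the man-page excerpt says an existing file is only updated in place, a file that already has mode 644 should be tightened with chmod rather than by re-running wvdialconf.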


