Bug #7687
closed
File permissions to open for /var/etc/mpd_wan.conf
0%
Description
Considering this file has the clear text password to the ISP account it needs to have something less than world readable.
As the mpd5 process runs as root 0600 would be appropriate.
[2.3.4-RELEASE][admin@pfSense.spurrier.net.au]/var/log: ls l /var/etc/mpd_wan.conf 1 root wheel 878 Jul 11 19:47 /var/etc/mpd_wan.conf
-rw-r--r-
Updated by Jim Pingle about 8 years ago
- Status changed from New to Not a Bug
- Target version deleted (
2.3.4-p1) - Affected Version changed from 2.3.4 to All
- Affected Architecture All added
- Affected Architecture deleted (
amd64)
It's also in /conf/config.xml where it can be read by anyone on the box.
At the moment, it's all a part of how the system operates. Part of a larger architectural/design problem that is more of a long-term fix. And it's being worked on, but changing this one file won't help anything.
Don't give shell or file (e.g. Diag > Edit File or Diag > Command, and so on) access to the firewall to anyone you don't trust to see passwords used by the box.