Bug 47132

Summary: kscd puts world writable files in /usr
Product: kscd
Reporter: cphil
Component: general
Assignee: Dirk Foersterling <millibyte>
Status: RESOLVED NOT A BUG    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit:
Version Fixed In:

Description Bugzilla Maintainers 2002-08-28 20:10:31 UTC
(*** This bug was imported into bugs.kde.org ***)

Package:           kscd
Version:           kscd: 1.3.3 (using KDE 3.0.7 CVS/CVSup/Snapshot)
Severity:          normal
Installed from:    Compiled sources
Compiler:          Not Specified
OS:                Linux
OS/Compiler notes: mandrake cooker but the bug is long standing

cddb files are put in
/usr/share/apps/kscd/cddb/...
and they are world writable.

As /usr is not normally for variable files, they don't belong here; their place should be somewhere under /var/lib/..., as many sysadmins mount /usr as a read-only partition.

World writable files are also seen as a security threat by checkers such as msec. A cddbusers group should exist, or files could be owned and writable by the "user" group, but not by anybody.


(Submitted via bugs.kde.org)
Comment 1 Aaron J. Seigo 2002-09-20 23:48:09 UTC
the path can be set in the configuration dialog, and defaults to the KDE 
install prefix, as all KDE apps do. this is not a bug, and it is easy for users 
to change. 
 
as to the security issue of world writable files: if you can show me an actual
security problem, then i'd do something about it. otherwise, this is a 
non-issue and can be handled by integrators if so desired...
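
An added example, not part of the original report or of kscd: a shell sketch of the kind of world-writable check the report attributes to tools such as msec, together with the group-based fix the reporter suggests, as an integrator might apply it. The function names, the directory argument and the group are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: audit and tighten a shared data tree such as the kscd
# cddb directory. Directory and group are passed in by the caller.

# Run find over "$1" restricted to world-writable entries, then apply
# the remaining arguments as the find action.
# Matches: regular files writable by "other", and directories writable
# by "other" that lack the sticky bit (sticky directories, like /tmp,
# already limit deletion to the entry's owner).
ww_find() {
    dir=$1
    shift
    find "$dir" -xdev \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) "$@"
}

# Print every world-writable file or non-sticky directory under "$1".
list_world_writable() {
    ww_find "$1" -print
}

# Number of findings under "$1" (assumes no newlines in file names).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Hand each finding to group "$2", keep it group-writable, and drop
# write access for everyone else.
restrict_to_group() {
    ww_find "$1" -exec chgrp "$2" {} \; -exec chmod g+w,o-w {} \;
}

# When called with a directory argument, report the findings.
if [ "$#" -ge 1 ]; then
    list_world_writable "$1"
fi
```

Only the owner of a file (or root) can run the chgrp/chmod step, and the owner must be a member of the target group unless running as root.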