47132 – kscd puts world writable files in /usr

Bug 47132 - kscd puts world writable files in /usr

Summary: kscd puts world writable files in /usr

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	kscd
Classification:	Miscellaneous
Component:	general (show other bugs)
Version:	unspecified
Platform:	Compiled Sources Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Dirk Foersterling

URL:
Keywords:

Depends on:
Blocks:

Reported:	2002-08-28 20:18 UTC by cphil
Modified:	2003-02-17 07:31 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Bugzilla Maintainers 2002-08-28 20:10:31 UTC

(*** This bug was imported into bugs.kde.org ***)

Package:           kscd
Version:           kscd: 1.3.3 (using KDE 3.0.7 CVS/CVSup/Snapshot)
Severity:          normal
Installed from:    Compiled sources
Compiler:          Not Specified
OS:                Linux
OS/Compiler notes: mandrake cooker but the bug is long standing

cddb files are put in
/usr/share/apps/kscd/cddb/...
and they are world writable.

As /usr is not normally for variable files they don't belong here there place should be somewhere under /var/lib/... as many sysadmin mount /usr as a read-only partition.

world writable files are also seen as a security threat by checkers such as msec. A cddbusers group should exist or files could be owned and writable by the "user" group but not by anybody.


(Submitted via bugs.kde.org)

Comment 1 Aaron J. Seigo 2002-09-20 23:48:09 UTC

the path can be set in the configuration dialog, and defaults to the KDE 
install prefix, as all KDE apps do. this is not a bug, and it is easy for users 
to change. 
 
as to the security issue of world writable files: if you can show me actual 
security problem, then i'd do something about it. otherwise, this is a 
non-issue and can be handled by integrators if so desired...