Hi,

Would it make sense to change the default permissions for /usr/local/rc.conf.d/vaultwarden* to 0600 so that the file is not world-readable by default? From what I understand, this file can contain sensitive details like admin tokens and passwords. If it makes sense to you, I can commit a patch to enforce this behavior.

Thanks!
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=77489323af09b8953e6822456779a1aa1afe54dc

commit 77489323af09b8953e6822456779a1aa1afe54dc
Author:     Michael Reifenberger <mr@FreeBSD.org>
AuthorDate: 2022-07-15 11:32:22 +0000
Commit:     Michael Reifenberger <mr@FreeBSD.org>
CommitDate: 2022-07-15 11:32:22 +0000

    security/vaultwarden: Change file permissions of rc.conf.d/vaultwarden

    Change file permissions of rc.conf.d/vaultwarden to 0600

    While at it:
    Update web vault to v2022.6.0

    PR:             264847
    Reported by:    mp@

 security/vaultwarden/Makefile  |  6 ++--
 security/vaultwarden/distinfo  |  6 ++--
 security/vaultwarden/pkg-plist | 63 +++++++++++++++++++++++------------------
 3 files changed, 40 insertions(+), 35 deletions(-)
Great, thanks!