Bug 264847

Summary: security/vaultwarden: Change file permissions of rc.conf.d/vaultwarden to 0600
Product: Ports & Packages Reporter: Mateusz Piotrowski <0mp>
Component: Individual Port(s)Assignee: Michael Reifenberger <mr>
Status: Closed FIXED    
Severity: Affects Only Me CC: 0mp
Priority: --- Keywords: needs-qa, security
Version: LatestFlags: bugzilla: maintainer-feedback? (mr)
Hardware: Any   
OS: Any   

Description Mateusz Piotrowski freebsd_committer freebsd_triage 2022-06-23 12:37:35 UTC 
Hi,

Would it make sense to change the default permissions for /usr/local/rc.conf.d/vaultwarden* to 0600 so that the file is not world-readable by default? From what I understand, this file can contain sensitive details like admin tokens and passwords.

If it makes sense to you, I can commit a patch to enforce this behavior.

Thanks!
Comment 1 commit-hook freebsd_committer freebsd_triage 2022-07-15 11:36:48 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=77489323af09b8953e6822456779a1aa1afe54dc

commit 77489323af09b8953e6822456779a1aa1afe54dc
Author:     Michael Reifenberger <mr@FreeBSD.org>
AuthorDate: 2022-07-15 11:32:22 +0000
Commit:     Michael Reifenberger <mr@FreeBSD.org>
CommitDate: 2022-07-15 11:32:22 +0000

    security/vaultwarden: Change file permissions of rc.conf.d/vaultwarden

    Change file permissions of rc.conf.d/vaultwarden to 0600
    While at it:
    Update web vault to v2022.6.0

    PR:             264847
    Reported by:    mp@

 security/vaultwarden/Makefile  |  6 ++--
 security/vaultwarden/distinfo  |  6 ++--
 security/vaultwarden/pkg-plist | 63 +++++++++++++++++++++++-------------------
 3 files changed, 40 insertions(+), 35 deletions(-)
Comment 2 Mateusz Piotrowski freebsd_committer freebsd_triage 2022-07-22 00:08:36 UTC 
Great, thanks!