=== modified file 'debian/mandos-client.lintian-overrides' --- debian/mandos-client.lintian-overrides 2022-04-23 21:14:38 +0000 +++ debian/mandos-client.lintian-overrides 2024-09-09 02:51:47 +0000 @@ -1,31 +1,31 @@ # This directory contains secret client key files. -mandos-client binary: non-standard-dir-perm etc/keys/mandos/ 0700 != 0755 +mandos-client binary: non-standard-dir-perm 0700 != 0755 [etc/keys/mandos/] # The directory /usr/lib//mandos/plugins.d contains setuid # binaries which are only meant to be run inside an initial RAM disk # environment (except for test purposes). It would be insecure to # allow anyone to run them. -mandos-client binary: non-standard-dir-perm usr/lib/*/mandos/plugins.d/ 0700 != 0755 +mandos-client binary: non-standard-dir-perm 0700 != 0755 [usr/lib/*/mandos/plugins.d/] # Likewise for helper executables for plugins -mandos-client binary: non-standard-dir-perm usr/lib/*/mandos/plugin-helpers/ 0700 != 0755 +mandos-client binary: non-standard-dir-perm 0700 != 0755 [usr/lib/*/mandos/plugin-helpers/] # These binaries must be setuid root, since they need root powers, but # are started by plugin-runner(8mandos), which runs all plugins as # user/group "_mandos". These binaries are never run in a running # system, but only in an initial RAM disk environment. Here they are # protected from non-root access by the directory permissions, above. -mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/mandos-client 4755 root/root -mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/askpass-fifo 4755 root/root -mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/splashy 4755 root/root -mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/usplash 4755 root/root -mandos-client binary: elevated-privileges usr/lib/*/mandos/plugins.d/plymouth 4755 root/root +mandos-client binary: elevated-privileges 4755 root/root [usr/lib/*/mandos/plugins.d/mandos-client] +mandos-client binary: elevated-privileges 4755 root/root [usr/lib/*/mandos/plugins.d/askpass-fifo] +mandos-client binary: elevated-privileges 4755 root/root [usr/lib/*/mandos/plugins.d/splashy] +mandos-client binary: elevated-privileges 4755 root/root [usr/lib/*/mandos/plugins.d/usplash] +mandos-client binary: elevated-privileges 4755 root/root [usr/lib/*/mandos/plugins.d/plymouth] # The directory /etc/mandos/plugins.d can be used by local system # administrators to place plugins in, overriding and complementing # /usr/lib//mandos/plugins.d, and must be likewise protected. -mandos-client binary: non-standard-dir-perm etc/mandos/plugins.d/ 0700 != 0755 +mandos-client binary: non-standard-dir-perm 0700 != 0755 [etc/mandos/plugins.d/] # Likewise for plugin-helpers directory -mandos-client binary: non-standard-dir-perm etc/mandos/plugin-helpers/ 0700 != 0755 +mandos-client binary: non-standard-dir-perm 0700 != 0755 [etc/mandos/plugin-helpers/] # The debconf templates is only used for displaying information # detected in the postinst, not for saving answers to questions, so we === modified file 'debian/mandos.lintian-overrides' --- debian/mandos.lintian-overrides 2019-08-05 21:14:05 +0000 +++ debian/mandos.lintian-overrides 2024-09-09 02:51:47 +0000 @@ -1,7 +1,7 @@ # This config file will normally have encrypted secret client keys in # it, so it must be kept unreadable for non-root users. # -mandos binary: non-standard-file-perm etc/mandos/clients.conf 0600 != 0644 +mandos binary: non-standard-file-perm 0600 != 0644 [etc/mandos/clients.conf] # The debconf templates is only used for displaying information # detected in the postinst, not for saving answers to questions, so we