Bug 1075209

Summary: [pki] create lock file accessible only to whom can actually enroll
Product: [Retired] oVirt Reporter: Alon Bar-Lev <alonbl>
Component: ovirt-engine-coreAssignee: Alon Bar-Lev <alonbl>
Status: CLOSED CURRENTRELEASE QA Contact: Pavel Stehlik <pstehlik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.4CC: acathrow, emesika, gklein, iheim, s.kieske, yeylon
Target Milestone: ---   
Target Release: 3.4.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-08 13:36:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alon Bar-Lev 2014-03-11 17:30:24 UTC 
Currently we create lock file world readable, which is potential for DoS if user locks the file.

Better using permissions of the permissions set of the ca private key, as only these can enroll anyway.
Comment 1 Sandro Bonazzola 2014-05-08 13:36:07 UTC 
This is an automated message

oVirt 3.4.1 has been released:
 * should fix your issue
 * should be available at your local mirror within two days.

If problems still persist, please make note of it in this bug report.