Bug 1088756

Summary: Wrong permission for configuration file /etc/sysconfig/virt-who
Product: Red Hat Enterprise Linux 5 Reporter: Radek Novacek <rnovacek>
Component: virt-whoAssignee: Radek Novacek <rnovacek>
Status: CLOSED ERRATA QA Contact: gaoshang <sgao>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.11CC: liliu, ovasik, shihliu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: virt-who-0.9-2.el5 Doc Type: Bug Fix
Doc Text:
Cause: Configuration file for virt-who had wrong permission and was world-readable, although it can contain passwords. Consequence: Any user could read the passwords from the configuration file. Fix: Change the permissions to be root-readable only. Result: Non-root users can't read passwords from the configuration files.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-16 00:29:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1088732    

Description Radek Novacek 2014-04-17 06:51:06 UTC 
Configuration file /etc/sysconfig/virt-who may contain passwords but its permissions are 644 (rw-r--r--). It should be 600 (rw-------) to prevent non-root users to read the configuration file.
Comment 1 RHEL Program Management 2014-04-17 07:18:20 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 2 Radek Novacek 2014-04-17 08:07:45 UTC 
Fixed in virt-who-0.9-2.el5.

The fix only affects new installations (when the config file not yet exists), it might break some user workflow when we would change that for existing installations.
Comment 4 Liushihui 2014-04-28 03:36:45 UTC 
Verified on virt-who-0.9-2.el5
Configuration file /etc/sysconfig/virt-who permissions has updated to 600 (rw-------)
[root@dhcp-128-110 libvirt-test-API]# ls -al /etc/sysconfig/virt-who 
-rw------- 1 root root 2088 Apr 27 21:55 /etc/sysconfig/virt-who
Comment 6 errata-xmlrpc 2014-09-16 00:29:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1206.html