Bug 1489989

Summary: File Permission set to 666 or 777(world writable files) on the yum cache files, these are reverted even after changing
Product: Red Hat Enterprise Linux 7
Reporter: Ganesh Payelkar <gpayelka>
Component: rhnsd
Assignee: Tomáš Kašpárek <tkasparek>
Status: CLOSED ERRATA
QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: high
Docs Contact: Filip Hanzelka <fhanzelk>
Priority: high
Version: 7.4
CC: galtukho, jhutar, mmatsuya, rvdwees, tkasparek, tlestach, vanhoof
Target Milestone: rc
Keywords: Regression, ZStream
Target Release: 7.5
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: rhnsd-5.0.13-8-el7
Doc Type: Release Note
Doc Text:
"rhn_check" no longer modifies permissions on files in `/var/cache/yum/`
Previously, when the *Red Hat Network Daemon* (rhnsd) executed the "rhn_check" command, the command modified permissions on the files in the `/var/cache/yum/` directory incorrectly, resulting in a vulnerability. This bug has been fixed and "rhn_check" no longer modifies permissions on the files in the `/var/cache/yum/` directory.
Clone Of:
: 1506910
Last Closed: 2018-04-10 12:17:18 UTC
Type: Bug
Bug Blocks: 1420851, 1506910    

Description Ganesh Payelkar 2017-09-09 00:12:10 UTC
Description of problem:

 - rhn_check command executed in rhnsd daemon changed the file permission in yum cache into 0666.
  - This happened when the cache was recreated. rhn_check can recreate it.
  - When a new file was created in rhnsd, the file was created with mode=0666, because umask=0000. (comment #56 and #57)
  - rhnsd is running with umask=0000 in RHEL7. It's running with umask=0022 in RHEL6.
  - On umask=0000, the default permission of the new file should be 0666. So, this matches their problem.
  - umask is set in latest rhnsd itself in RHEL7. (C#57)  The code to set it doesn't exist in rhnsd of RHEL6.
  - This should be a regression. (need to check)
      rhnsd-5.0.13-5.el7: umask(0) is NOT executed in main() of rhnsd.c.
      rhnsd-5.0.13-7.el7: umask(0) is executed in main() of rhnsd.c.

Version-Release number of selected component (if applicable):
rhnsd-5.0.13


Comment 12 Tomáš Kašpárek 2017-09-19 07:39:42 UTC
spacewalk.git(master): d135f7e0d8da186f7d9d0dcdcbb0214fc625e9d9

Comment 24 Pavel Studeník 2017-12-08 16:46:24 UTC
Verified with rhnsd-5.0.13-10.el7.x86_64

>> ll /var/run/rhn_check.pid 
-rwxr-xr-x. 1 root root 5  8. pro 10.59 /var/run/rhn_check.pid
-rw-r--r--. 1 root root 4  8. pro 08.17 /var/run/rhnsd.pid

>> find /var/cache -name repomd.xml -ls 
707    8 -rw-r--r--   1 root     root         1545 Nov 21 01:37 /var/cache/yum/x86_64/7Server/rhn-tools-rhel-x86_64-server-7/repomd.xml
4862657    8 -rw-r--r--   1 root     root         1545 Dec  8 01:30 /var/cache/yum/x86_64/7Server/rhel-x86_64-server-7/repomd.xml

Comment 30 errata-xmlrpc 2018-04-10 12:17:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0759
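
The umask behaviour from the description, as an added example that is not part of the bug report or of the rhnsd source: a parent process sets its umask the way the description says `main()` of rhnsd.c does, and a forked child (standing in for rhn_check) creates a file with the usual requested mode of 0666. The function name `mode_created_under` and the scratch path under `/tmp` are assumptions made for this illustration.

```c
/* Added example: the umask set by a daemon is inherited by the processes
 * it starts and decides the mode of every file they create.
 * Function name and scratch path are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set the "daemon" umask, fork a child that creates a file the way
 * fopen(path, "w") does (requested mode 0666), and return the permission
 * bits the file ended up with, or -1 on error. */
int mode_created_under(mode_t daemon_umask)
{
    char dir[64], file[96];
    snprintf(dir, sizeof dir, "/tmp/umask-demo-%ld", (long)getpid());
    snprintf(file, sizeof file, "%s/repomd.xml", dir);
    if (mkdir(dir, 0700) != 0)            /* fails if the path already exists */
        return -1;

    mode_t saved = umask(daemon_umask);   /* what the daemon's main() does */
    pid_t pid = fork();
    if (pid == 0) {                       /* child inherits the umask */
        int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0666);
        _exit(fd < 0);                    /* exit status 0 on success */
    }
    umask(saved);                         /* restore the caller's umask */

    int status, result = -1;
    struct stat st;
    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
        stat(file, &st) == 0)
        result = st.st_mode & 0777;       /* keep only the permission bits */
    unlink(file);
    rmdir(dir);
    return result;
}

int main(void)
{
    /* umask(0): nothing is masked, so the file is world-writable. */
    printf("umask 0000 -> %04o\n", (unsigned)mode_created_under(0000));
    /* umask(022): group and other write bits are cleared. */
    printf("umask 0022 -> %04o\n", (unsigned)mode_created_under(0022));
    return 0;
}
```

The second call corresponds to the umask=0022 that the description reports for rhnsd on RHEL6, and its result matches the `-rw-r--r--` modes shown in the verification output of comment 24.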