Bug 2157091

Summary: Bad permissions for files shipped by libvirt-client [rhel-8.7.0.z]
Product: Red Hat Enterprise Linux 8 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
Status: CLOSED ERRATA QA Contact: yalzhang <yalzhang>
Severity: high Docs Contact:
Priority: high    
Version: ---CC: gveitmic, jdenemar, jsuchane, lmen, mprivozn, rmetrich, virt-maint, yalzhang, ymankad
Target Milestone: rcKeywords: Triaged, Upstream, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-8.0.0-10.2.module+el8.7.0+17753+6a6ae27a Doc Type: Bug Fix
Doc Text:
Cause: Some scripts installed by libvirt RPMs have bad permissions (writable by root group). Consequence: This is potentially dangerous as a member of a root group (which is usually just root, but okay) could change the contents of the script. Fix: Scripts are now installed with rwxr-xr-x mode (i.e. writable only by root user). Result: Scripts are now writable by root user only.
 Story Points: ---
Clone Of: 2153688 Environment:
Last Closed: 2023-02-21 09:30:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2153688    
Bug Blocks:    

Comment 5 yalzhang@redhat.com 2023-01-06 01:43:45 UTC 
Test on libvirt-8.0.0-10.2, the result is as expected:
# rpm -q libvirt 
libvirt-8.0.0-10.2.module+el8.7.0+17753+6a6ae27a.x86_64
# ls -al /usr/bin/virt-*-validate
-rwxr-xr-x. 1 root root 25624 Jan  5 06:48 /usr/bin/virt-host-validate
-rwxr-xr-x. 1 root root  9772 Jan  5 06:48 /usr/bin/virt-pki-validate
-rwxr-xr-x. 1 root root  2840 Jan  5 06:48 /usr/bin/virt-xml-validate
Comment 13 errata-xmlrpc 2023-02-21 09:30:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:rhel and virt-devel:rhel bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0845