Bug 2157092

Summary: Bad permissions for files shipped by libvirt-client [rhel-8.6.0.z]
Product: Red Hat Enterprise Linux 8
Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: libvirt
Assignee: Michal Privoznik <mprivozn>
Status: CLOSED ERRATA
QA Contact: yalzhang <yalzhang>
Severity: high
Docs Contact:
Priority: high
Version: ---
CC: gveitmic, jdenemar, jsuchane, lmen, mprivozn, rmetrich, virt-maint, yalzhang, ymankad
Target Milestone: rc
Keywords: Triaged, Upstream, ZStream
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: libvirt-8.0.0-5.6.module+el8.6.0+17751+d6559882
Doc Type: Bug Fix
Doc Text:
Cause: Some scripts installed by libvirt RPMs have bad permissions (writable by root group).
Consequence: This is potentially dangerous as a member of a root group (which is usually just root, but okay) could change the contents of the script.
Fix: Scripts are now installed with rwxr-xr-x mode (i.e. writable only by root user).
Result: Scripts are now writable by root user only.
Story Points: ---
Clone Of: 2153688
Environment:
Last Closed: 2023-01-24 14:39:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2153688
Bug Blocks:

Comment 2 yalzhang@redhat.com 2023-01-06 03:28:40 UTC
Tested on libvirt-8.0.0-5.6; the result is as expected:

# rpm -q libvirt 
libvirt-8.0.0-5.6.module+el8.6.0+17751+d6559882.x86_64

# ls -al /usr/bin/virt-*-validate
-rwxr-xr-x. 1 root root 25568 Jan  5 05:27 /usr/bin/virt-host-validate
-rwxr-xr-x. 1 root root  9772 Jan  5 05:26 /usr/bin/virt-pki-validate
-rwxr-xr-x. 1 root root  2840 Jan  5 05:26 /usr/bin/virt-xml-validate

Comment 6 yalzhang@redhat.com 2023-01-09 10:14:20 UTC
Verified per comment 2.

Comment 10 errata-xmlrpc 2023-01-24 14:39:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:0432
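
The check done by eye in comment 2 can be automated for every file a package ships. The following is an added example, not part of the bug report or of libvirt: the function name find_loose_writable, the sample file names and the "before" mode 775 are assumptions chosen for illustration (the report only says the scripts were writable by the root group), and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the bug report). Reads file paths, one per line,
# from stdin and prints "<octal mode> <path>" for every regular file that
# is writable by its group or by others.
find_loose_writable() {
    while IFS= read -r flw_path; do
        # Only regular files; skip symlinks, directories and missing paths.
        if [ -L "$flw_path" ] || [ ! -f "$flw_path" ]; then
            continue
        fi
        flw_mode=$(stat -c '%a' "$flw_path") || continue   # GNU stat
        # 022 (octal) = group-write | other-write.
        if [ $(( 0$flw_mode & 022 )) -ne 0 ]; then
            printf '%s %s\n' "$flw_mode" "$flw_path"
        fi
    done
}

# Constructed sample: one file with a group-writable mode (775, assumed)
# and one with the fixed mode rwxr-xr-x (755) named in the Doc Text.
make_sample() {
    sample_dir=$(mktemp -d)
    : > "$sample_dir/script-before-fix"
    : > "$sample_dir/script-after-fix"
    chmod 775 "$sample_dir/script-before-fix"
    chmod 755 "$sample_dir/script-after-fix"
    printf '%s\n' "$sample_dir"
}

# Only the group-writable sample file is reported.
demo_dir=$(make_sample)
printf '%s\n' "$demo_dir/script-before-fix" "$demo_dir/script-after-fix" \
    | find_loose_writable
rm -rf "$demo_dir"

# On an RPM-based host (assumption: rpm is installed), check a whole package:
#   rpm -ql libvirt-client | find_loose_writable
```

An empty result for a package means none of its regular files is writable by group or others.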