Bug 826395
Summary: | Client credentials are cached in a world readable file | | |
---|---|---|---|
Product: | [Retired] Pulp | Reporter: | Nick Coghlan <ncoghlan> |
Component: | z_other | Assignee: | Sayli Karmarkar <skarmark> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Preethi Thomas <pthomas> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | | |
Version: | Master | CC: | cperry, mkovacik, rbarlow |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | 2.4.0 | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2014-08-09 06:56:11 UTC | Type: | Bug |
Description
Nick Coghlan
2012-05-30 06:29:32 UTC
I believe this is resolved in master, but I do not know which version of Pulp it is fixed in (or if that version is released.)

Preethi, to verify this bug, please:

2) $ pulp-admin login…
3) $ ls -lah ~/.pulp/

Make sure the user-cert.pem file is only readable by the owner (should be 600).

This was fixed in a prior release of Pulp, but we never put it through the QE process. Moving to ON_QA.

Verified in pulp-admin-client-2.4.0-0.11.beta.fc20.noarch

```
# Screen log
[root@ec2-54-220-158-169 pulp]# ls -lahdZ /root/.pulp/
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 /root/.pulp/
[root@ec2-54-220-158-169 pulp]# ls -lahZ /root/.pulp/
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 .
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 ..
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 admin.log
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 consumer.log
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 server_calls.log
-rw-------. root root unconfined_u:object_r:admin_home_t:s0 user-cert.pem
[root@ec2-54-220-158-169 pulp]# sudo -u apache cat /root/.pulp/admin.log
cat: /root/.pulp/admin.log: Permission denied
[root@ec2-54-220-158-169 pulp]# sudo -u apache cat /root/.pulp/user-cert.pem
cat: /root/.pulp/user-cert.pem: Permission denied
[root@ec2-54-220-158-169 pulp]#
```

This has been fixed in Pulp 2.4.0-1.
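An added example, not Pulp's code: one way for a client to cache a credential so the file is mode 0600 from the moment it is created rather than inheriting the umask default, together with the "should be 600" check from the verification steps applied to a whole directory. The function names and the temporary directory standing in for `~/.pulp` are assumptions made for illustration.

```python
import os
import stat
import tempfile


def write_private(path, data):
    """Write bytes to path so it is never group/other-accessible, even briefly."""
    tmp = os.path.join(os.path.dirname(path) or ".",
                       ".%s.%d.tmp" % (os.path.basename(path), os.getpid()))
    # Mode is fixed at creation; O_EXCL refuses a pre-planted file or symlink.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp, path)  # atomic; also replaces an older 0644 copy
    except BaseException:
        os.unlink(tmp)
        raise


def loose_files(directory):
    """Return (name, octal mode) for regular files with any group/other bit set."""
    findings = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(st.st_mode) and st.st_mode & 0o077:
            findings.append((entry.name, oct(stat.S_IMODE(st.st_mode))))
    return findings


def demo():
    """Recreate the pre-fix state in a constructed directory, then re-cache the cert."""
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in for ~/.pulp
        old_umask = os.umask(0o022)
        try:
            for name in ("admin.log", "user-cert.pem"):
                with open(os.path.join(d, name), "w") as fh:  # umask default: 0644
                    fh.write("constructed sample\n")
            before = loose_files(d)
            write_private(os.path.join(d, "user-cert.pem"),
                          b"constructed placeholder, not a real certificate\n")
            after = loose_files(d)
        finally:
            os.umask(old_umask)
    return before, after


if __name__ == "__main__":
    print(demo())
```

In the screen log above, `admin.log` is still mode 0644 and the `apache` user is refused because the parent directory `/root` is `dr-xr-x---`; the 0600 mode on `user-cert.pem` is the part that holds regardless of how the home directory is set up.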