1075209 – [pki] create lock file accessible only to whom can actually enroll

Bug 1075209 - [pki] create lock file accessible only to whom can actually enroll

Summary: [pki] create lock file accessible only to whom can actually enroll

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	oVirt
Classification:	Retired
Component:	ovirt-engine-core
Sub Component:
Version:	3.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	3.4.1
Assignee:	Alon Bar-Lev
QA Contact:	Pavel Stehlik
Docs Contact:
URL:
Whiteboard:	infra
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-03-11 17:30 UTC by Alon Bar-Lev
Modified:	2014-05-08 13:36 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-05-08 13:36:07 UTC
oVirt Team:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	25084	None	None	None	Never
oVirt gerrit	25629	None	MERGED	pki: enforce lock file permissions same as ca private key	Never
oVirt gerrit	26044	None	MERGED	pki: enforce lock file permissions same as ca private key	Never

Description Alon Bar-Lev 2014-03-11 17:30:24 UTC

Currently we create lock file world readable, which is potential for DoS if user locks the file.

Better using permissions of the permissions set of the ca private key, as only these can enroll anyway.

Comment 1 Sandro Bonazzola 2014-05-08 13:36:07 UTC

This is an automated message

oVirt 3.4.1 has been released:
 * should fix your issue
 * should be available at your local mirror within two days.

If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.