1217089 – Dashboard's local_settings file should not be world readable

Bug 1217089 - Dashboard's local_settings file should not be world readable

Summary: Dashboard's local_settings file should not be world readable

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-packstack
Sub Component:
Version:	6.0 (Juno)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z4
Target Release:	7.0 (Kilo)
Assignee:	Ivan Chavero
QA Contact:	Ido Ovadia
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-04-29 14:09 UTC by Fabien Malfoy
Modified:	2023-09-18 00:22 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openstack-packstack-2015.1-0.15.dev1589.g1d6372f.el7ost
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-02-18 16:45:52 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	253294	None	None	None	Never
Red Hat Issue Tracker	OSP-28780	None	None	None	2023-09-18 00:17:13 UTC
Red Hat Product Errata	RHBA-2016:0265	normal	SHIPPED_LIVE	openstack-packstack and openstack-puppet-modules bug fix advisory	2016-02-18 21:41:18 UTC

Description Fabien Malfoy 2015-04-29 14:09:26 UTC

Description of problem:
The file /etc/openstack-dashboard/local_settings contains some security values which should not be publicly disclosed like the SECRET_KEY. According to the documentation of Django, this value should remain secret : https://docs.djangoproject.com/en/dev/ref/settings/#secret-key

Version-Release number of selected component (if applicable):
openstack-packstack-2014.2-0.16.dev1401.gdd19d48.el7ost.noarch
openstack-dashboard-2014.2.2-2.el7ost.noarch

How reproducible:
Installing Openstack Horizon using Packstack

Steps to Reproduce:
1. Install Packstack
2. Install Openstack Horizon using Packstack

Actual results:
The file /etc/openstack-dashboard/local_settings gets mode 644

Expected results:
The file's mode should be 640 to preserve its content

Additional info:
Log message from horizon.pp
Notice: /Stage[main]/Horizon/File[/etc/openstack-dashboard/local_settings]/mode: mode changed '0640' to '0644'

Comment 4 Ivan Chavero 2015-12-08 07:34:18 UTC

Can i have qa and pm acks please?

Comment 7 Ido Ovadia 2016-01-24 19:44:33 UTC

Verified
========
openstack-packstack-2015.1-0.15.dev1589.g1d6372f.el7ost.noarch

Comment 10 errata-xmlrpc 2016-02-18 16:45:52 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0265.html

Comment 11 David Moreau Simard 2016-03-18 21:57:05 UTC

The security fix has been sent to the upstream puppet-horizon module that Packstack consumes [1]. Once the patch lands there, we will revert the fix in Packstack [2] as it will no longer be necessary.

[1]: https://review.openstack.org/#/c/294823/
[2]: https://review.openstack.org/#/c/294825/

Comment 12 Red Hat Bugzilla 2023-09-18 00:11:26 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.