Bug 1276484 - krb5kdc.log file is world-readable by default
Summary: krb5kdc.log file is world-readable by default
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5
Version: rawhide
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Robbie Harwood
QA Contact: Fedora Extras Quality Assurance
URL: https://github.com/krb5/krb5/pull/372
Whiteboard:
Depends On:
Blocks: 1256735 1292523
TreeView+ depends on / blocked
 
Reported: 2015-10-29 20:01 UTC by Robbie Harwood
Modified: 2016-01-28 18:22 UTC (History)
10 users (show)

Fixed In Version: krb5-1.14-17.fc24 krb5-1.14-6.fc23
Clone Of: 1256735
Environment:
Last Closed: 2016-01-28 18:22:49 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Robbie Harwood 2015-10-29 20:01:44 UTC 
+++ This bug was initially created as a clone of Bug #1256735 +++

Description of problem: krb5kdc.log file is world-readable

Version-Release number of selected component (if applicable):

[root@ipaserver log]# rpm -qa | grep ipa-server
ipa-server-4.2.0-5.el7.x86_64
ipa-server-trust-ad-4.2.0-5.el7.x86_64
ipa-server-dns-4.2.0-5.el7.x86_64
krb5-server-1.13.2-8.el7.x86_64

How reproducible:Always


Steps to Reproduce:
1. Login to IPA server.
2. Navigate to /var/log directory
3. Check the permission of the krb5kdc.log

Actual results: krb5kdc.log file is world-readable.

-rw-------. 1 root   root          25381 Aug 25 15:42 kadmind.log
-rw-r--r--. 1 root   root        1396050 Aug 25 16:30 krb5kdc.log


Expected results: krb5kdc.log shouldn't be world-readable unless needed and also keeping permissions 0600 to be consistent with other kerberos log files.
Comment 1 Robbie Harwood 2015-12-17 20:16:08 UTC 
Patch submitted for consideration upstream.
Comment 2 Fedora Update System 2016-01-21 22:07:35 UTC 
krb5-1.14-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-35cee11780
Comment 3 Robbie Harwood 2016-01-21 22:08:49 UTC 
I've fixed this in rawhide and f23.  If it is needed in f22, please reopen this and let me know.
Comment 4 Fedora Update System 2016-01-24 04:51:22 UTC 
krb5-1.14-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-35cee11780
Comment 5 Fedora Update System 2016-01-28 18:22:44 UTC 
krb5-1.14-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.