Bug 1325693 - /etc/pki/pulp/rsa.key is installed world readable
Summary: /etc/pki/pulp/rsa.key is installed world readable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pulp
Version: 24
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Randy Barlow
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-04-10 17:40 UTC by Randy Barlow
Modified: 2016-05-24 18:06 UTC

Fixed In Version: pulp-2.8.2-2.fc24, pulp-2.8.2-2.fc25, pulp-2.8.3-1.fc24
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-24 18:06:32 UTC
Type: Bug
Embargoed:



Description Randy Barlow 2016-04-10 17:40:16 UTC
This is a bug with the Fedora spec file that is not present upstream. The spec file generates an RSA keypair that is used to sign messages sent to consumers that are managed by Pulp. The spec file in Fedora 24 and Rawhide installs this key world-readable.

Fixing the install won't be difficult, but fixing existing installations may be trickier. I am considering adding an instruction in %post that removes read permissions. If we took this path, we'd probably need to maintain it until Fedora 27. No "stable" versions of Fedora have ever shipped with this flaw since Pulp is new in Fedora 24 which is currently in Alpha stage. Even so, I'd be reluctant to ignore existing installations. If anyone has a suggestion of a best practice for ensuring this file has proper permissions I'd love to hear it.
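
An idempotent permission check of the kind the description considers for %post, as an added example that is not part of the original report and not the change that shipped in the Fedora update. The function names `world_accessible` and `tighten_key` and the demo file are assumptions; it relies on GNU `stat -c`, and leaves owner and group bits untouched because the report does not state the intended owner or mode.

```shell
#!/bin/sh
# Added example (not the Fedora spec file): strip "other" access from a
# private key only when such bits are set, so it is safe to run on every
# package upgrade. Assumes GNU coreutils stat (-c '%a').

# world_accessible FILE: succeeds if any r/w/x bit is set for "other".
world_accessible() {
    mode=$(stat -c '%a' "$1") || return 2
    # Last octal digit of the mode is the "other" permission set.
    [ "${mode#"${mode%?}"}" -ne 0 ]
}

# tighten_key FILE: returns 0 when the file is absent, already tight, or
# was fixed; returns 2 on a symlink or a stat/chmod failure.
tighten_key() {
    key=$1
    # Refuse symlinks so chmod cannot be redirected to another file.
    if [ -L "$key" ]; then
        echo "refusing to follow symlink: $key" >&2
        return 2
    fi
    # Key not generated yet: nothing to fix.
    [ -e "$key" ] || return 0
    before=$(stat -c '%a' "$key") || return 2
    if world_accessible "$key"; then
        chmod o-rwx "$key" || return 2
        echo "tightened $key: $before -> $(stat -c '%a' "$key")"
    fi
    return 0
}

# Demo on a constructed file; on an affected host the argument would be
# /etc/pki/pulp/rsa.key.
demo=$(mktemp -d)
printf 'constructed placeholder, not a real key\n' > "$demo/rsa.key"
chmod 644 "$demo/rsa.key"
tighten_key "$demo/rsa.key"
rm -rf "$demo"
```
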

Comment 2 Fedora Update System 2016-05-18 21:46:33 UTC
pulp-2.8.3-1.fc24 pulp-puppet-2.8.3-1.fc24 pulp-rpm-2.8.3-1.fc24 pulp-ostree-1.1.1-1.fc24 pulp-docker-2.0.1-1.fc24 pulp-python-1.1.1-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f9db2293a8

Comment 3 Fedora Update System 2016-05-21 01:33:58 UTC
pulp-2.8.3-1.fc24, pulp-docker-2.0.1-1.fc24, pulp-ostree-1.1.1-1.fc24, pulp-puppet-2.8.3-2.fc24, pulp-python-1.1.1-1.fc24, pulp-rpm-2.8.3-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f9db2293a8

Comment 4 Fedora Update System 2016-05-24 18:06:13 UTC
pulp-2.8.3-1.fc24, pulp-docker-2.0.1-1.fc24, pulp-ostree-1.1.1-1.fc24, pulp-puppet-2.8.3-2.fc24, pulp-python-1.1.1-1.fc24, pulp-rpm-2.8.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

