It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file.
It was reported that Pulp node certificates containing private keys are stored in /etc/pki/pulp/nodes/ directory as world-readable.
Name: Randy Barlow (Red Hat), Jeremy Cline (Red Hat)
Created attachment 1145987 [details]
Created attachment 1146471 [details]
I am amending the proposed patch to use the -Z flag on mv, and to credit jcline in the commit message for independently reporting the issue.
This issue is filed upstream as #1833 and is fixed by PR #2529:
The Pulp upstream bug status is at CLOSED - WORKSFORME. Updating the external tracker on this bug.
The Pulp upstream bug priority is at Low. Updating the external tracker on this bug.
This issue has been addressed in the following products:
Red Hat Satellite 6.2