It was reported that certificate that identifies agent is written to etc/pki/pulp/consumer/consumer-cert.pem with 644 permissions and contains also the private key, making it world-readable.
Acknowledgments: Name: Jeremy Cline (Red Hat)
Created attachment 1146527 [details] Proposed patch This fixes the issue where new certificates and keys are written with 644 permissions, but it doesn't do anything for all the keys and certificates that already exist.
From a security perspective, the current proposed patch seems OK, but I believe this code needs to be able to work in Python 2.4 (RHEL 5) which does not have the with statement available.
Created attachment 1146538 [details] python2.4-compatible patch This patch works with Python 2.4 which is a requirement, as Randy noted. Thanks, Randy!
This patch looks good to me, thanks jcline!
This issue has been addressed in the following products: Red Hat Satellite 6.2 Via RHSA-2016:1501