It was reported that the certificate that identifies the agent is written to etc/pki/pulp/consumer/consumer-cert.pem with 644 permissions and also contains the private key, making it world-readable.
Name: Jeremy Cline (Red Hat)
Created attachment 1146527
This fixes the issue where new certificates and keys are written with 644 permissions, but it doesn't do anything for all the keys and certificates that already exist.
From a security perspective, the current proposed patch seems OK, but I believe this code needs to be able to work in Python 2.4 (RHEL 5) which does not have the with statement available.
Created attachment 1146538
This patch works with Python 2.4 which is a requirement, as Randy noted. Thanks, Randy!
This patch looks good to me, thanks jcline!
This issue has been addressed in the following products:
Red Hat Satellite 6.2
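The two points raised in the thread (new files must not be created with 644, and files already on disk stay 644 until something fixes them) can be sketched as follows. This is an added example, not the attached patch or Pulp's code; the function names, file names and sample bytes are assumptions, and it is written for current Python while keeping the try/finally form instead of the with statement.

```python
import os
import shutil
import stat
import tempfile

PRIVATE_MODE = 0o600  # owner read/write only
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO
SAMPLE = b"constructed placeholder, not a real certificate or key\n"


def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def write_private(path, data):
    """Write bytes to path without ever exposing them to group/other."""
    # Create with 0600 up front; write-then-chmod leaves a readable window.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, PRIVATE_MODE)
    fp = os.fdopen(fd, "wb")
    try:  # try/finally rather than the with statement
        # The creation mode is ignored when the file already exists
        # (e.g. an old 644 copy), so set it explicitly before writing.
        os.fchmod(fd, PRIVATE_MODE)
        fp.write(data)
    finally:
        fp.close()


def tighten_existing(path):
    """Strip group/other bits from a file written earlier; True if changed."""
    mode = mode_of(path)
    if mode & GROUP_OTHER:
        os.chmod(path, mode & ~GROUP_OTHER)
        return True
    return False


def demo():
    """Run against constructed files in a temp dir (hypothetical names)."""
    workdir = tempfile.mkdtemp()
    try:
        legacy, fresh, rewritten = [
            os.path.join(workdir, n) for n in ("legacy.pem", "fresh.pem", "rewritten.pem")]
        for p in (legacy, rewritten):  # simulate files left behind at 644
            fp = open(p, "wb")
            fp.write(SAMPLE)
            fp.close()
            os.chmod(p, 0o644)
        before = mode_of(legacy)
        changed = tighten_existing(legacy)   # remediate an existing file
        write_private(fresh, SAMPLE)         # brand-new file
        write_private(rewritten, SAMPLE)     # overwrite an old 644 file
        return before, changed, mode_of(legacy), mode_of(fresh), mode_of(rewritten)
    finally:
        shutil.rmtree(workdir)
```

Changing the mode only limits future reads; a key that was already world-readable may have been copied, so reissuing the consumer certificate is the conservative follow-up.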