Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1411405 - Harden default permissions on files containing passwords
Harden default permissions on files containing passwords
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-tripleoclient (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity unspecified
: Upstream M3
: 12.0 (Pike)
Assigned To: RHOS Maint
Prasanth Anbalagan
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-09 11:12 EST by Nathan Kinder
Modified: 2018-03-19 10:04 EDT (History)
11 users (show)

See Also:
Fixed In Version: python-tripleoclient-7.1.1-0.20170616130648.6030cd1.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-12-13 16:00:46 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 446071 None None None 2017-03-15 13:36 EDT
OpenStack gerrit 446083 None None None 2017-03-15 13:37 EDT
Red Hat Product Errata RHEA-2017:3462 normal SHIPPED_LIVE Red Hat OpenStack Platform 12.0 Enhancement Advisory 2018-02-15 20:43:25 EST

  None (edit)
Description Nathan Kinder 2017-01-09 11:12:29 EST 
As a part of investigating bug#1351275, it was noticed that some of the default permissions on files that contain passwords (such as stackrc files) in a Director deployment are more open than they should be.  In particular, in the undercloud node:

/root/stackrc has root/root ownership and 600 permissions
/home/stack/stackrc has stack/stack ownership and 600 permissions
/home/stack/overcloudrc has stack/stack ownership and 664 permissions
/home/stack/undercloud-passwords.conf has stack/stack ownership and 664 permissions.

Items 1 and 2 are ok (600 permissions), but 3 and 4 should be locked down to 600.  This is not a vulnerability since /home/stack defaults to 700 permissions, but it should still be hardened to prevent accidental exposure of passwords if the permissions of /home/stack change in the future.
Comment 1 Rob Crittenden 2017-03-16 13:38:42 EDT 
Both reviews have merged in their respective upstreams. Fix for both was to chmod 0600 the files.

This was merged into python-tripleoclient and instack-undercloud.
Comment 7 errata-xmlrpc 2017-12-13 16:00:46 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.