1489989 – File Permission set to 666 or 777(world writable files) on the yum cache files, these are reverted even after changing

Bug 1489989 - File Permission set to 666 or 777(world writable files) on the yum cache files, these are reverted even after changing

Summary: File Permission set to 666 or 777(world writable files) on the yum cache file...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	rhnsd
Sub Component:
Version:	7.4
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	7.5
Assignee:	Tomáš Kašpárek
QA Contact:	Red Hat Satellite QA List
Docs Contact:	Filip Hanzelka
URL:
Whiteboard:
Depends On:
Blocks:	1420851 1506910
TreeView+	depends on / blocked

Reported:	2017-09-09 00:12 UTC by Ganesh Payelkar
Modified:	2021-06-10 12:59 UTC (History)
CC List:	7 users (show)
Fixed In Version:	rhnsd-5.0.13-8-el7
Doc Type:	Release Note
Doc Text:	"rhn_check" no longer modifies permissions on files in `/var/cache/yum/` Previously, when the Red Hat Network Daemon (rhnsd) executed the "rhn_check" command, the command modified permissions on the files in the `/var/cache/yum/` directory incorrectly, resulting in a vulnerability. This bug has been fixed and "rhn_check" no longer modifies permissions on the files in the `/var/cache/yum/` directory.
Clone Of:
Clones:	1506910 (view as bug list)
Environment:
Last Closed:	2018-04-10 12:17:18 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0759	0	None	None	None	2018-04-10 12:18:11 UTC

Description Ganesh Payelkar 2017-09-09 00:12:10 UTC

Description of problem:

 - rhn_check command executed in rhnsd daemon changed the file permission in yum cache into 0666.
  - This happened when the cache was recreated. rhn_check can recreate it.
  - When a new file was created in rhnsd, the file was created with mode=0666. Because umask=0000. (comment #56 and #57)
  - rhnsd is running with umask=0000 in RHEL7. it's running with umask=0022 in RHEL6.
  - On umask=0000, the default permission of the new file should be 0666. So, this matches their problem.
  - umask is set in latest rhnsd itself in RHEL7. (C#57)  The code to set it doesn't exist in rhnsd of RHEL6.
  - This should be regression. (need to check)
      rhnsd-5.0.13-5.el7: umask(0) is NOT executed in main() of rhnsd.c.
      rhnsd-5.0.13-7.el7: umask(0) is executed in main() of rhnsd.c.

Version-Release number of selected component (if applicable):
rhnsd-5.0.13

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 12 Tomáš Kašpárek 2017-09-19 07:39:42 UTC

spacewalk.git(master): d135f7e0d8da186f7d9d0dcdcbb0214fc625e9d9

Comment 24 Pavel Studeník 2017-12-08 16:46:24 UTC

Verified with rhnsd-5.0.13-10.el7.x86_64

>> ll /var/run/rhn_check.pid 
-rwxr-xr-x. 1 root root 5  8. pro 10.59 /var/run/rhn_check.pid
-rw-r--r--. 1 root root 4  8. pro 08.17 /var/run/rhnsd.pid

>> find /var/cache -name repomd.xml -ls 
707    8 -rw-r--r--   1 root     root         1545 Nov 21 01:37 /var/cache/yum/x86_64/7Server/rhn-tools-rhel-x86_64-server-7/repomd.xml
4862657    8 -rw-r--r--   1 root     root         1545 Dec  8 01:30 /var/cache/yum/x86_64/7Server/rhel-x86_64-server-7/repomd.xml

Comment 30 errata-xmlrpc 2018-04-10 12:17:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0759

Note You need to log in before you can comment on or make changes to this bug.