Bug 1489989 - File Permission set to 666 or 777(world writable files) on the yum cache files, these are reverted even after changing
Summary: File Permission set to 666 or 777(world writable files) on the yum cache file...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: rhnsd
Version: 7.4
Hardware: x86_64
OS: Linux
Target Milestone: rc
: 7.5
Assignee: Tomáš Kašpárek
QA Contact: Red Hat Satellite QA List
Filip Hanzelka
Depends On:
Blocks: 1420851 1506910
TreeView+ depends on / blocked
Reported: 2017-09-09 00:12 UTC by Ganesh Payelkar
Modified: 2021-06-10 12:59 UTC (History)
7 users (show)

Fixed In Version: rhnsd-5.0.13-8-el7
Doc Type: Release Note
Doc Text:
"rhn_check" no longer modifies permissions on files in `/var/cache/yum/` Previously, when the *Red Hat Network Daemon* (rhnsd) executed the "rhn_check" command, the command modified permissions on the files in the `/var/cache/yum/` directory incorrectly, resulting in a vulnerability. This bug has been fixed and "rhn_check" no longer modifies permissions on the files in the `/var/cache/yum/` directory.
Clone Of:
: 1506910 (view as bug list)
Last Closed: 2018-04-10 12:17:18 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0759 0 None None None 2018-04-10 12:18:11 UTC

Description Ganesh Payelkar 2017-09-09 00:12:10 UTC
Description of problem:

 - rhn_check command executed in rhnsd daemon changed the file permission in yum cache into 0666.
  - This happened when the cache was recreated. rhn_check can recreate it.
  - When a new file was created in rhnsd, the file was created with mode=0666. Because umask=0000. (comment #56 and #57)
  - rhnsd is running with umask=0000 in RHEL7. it's running with umask=0022 in RHEL6.
  - On umask=0000, the default permission of the new file should be 0666. So, this matches their problem.
  - umask is set in latest rhnsd itself in RHEL7. (C#57)  The code to set it doesn't exist in rhnsd of RHEL6.
  - This should be regression. (need to check)
      rhnsd-5.0.13-5.el7: umask(0) is NOT executed in main() of rhnsd.c.
      rhnsd-5.0.13-7.el7: umask(0) is executed in main() of rhnsd.c.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 12 Tomáš Kašpárek 2017-09-19 07:39:42 UTC
spacewalk.git(master): d135f7e0d8da186f7d9d0dcdcbb0214fc625e9d9

Comment 24 Pavel Studeník 2017-12-08 16:46:24 UTC
Verified with rhnsd-5.0.13-10.el7.x86_64

>> ll /var/run/rhn_check.pid 
-rwxr-xr-x. 1 root root 5  8. pro 10.59 /var/run/rhn_check.pid
-rw-r--r--. 1 root root 4  8. pro 08.17 /var/run/rhnsd.pid

>> find /var/cache -name repomd.xml -ls 
707    8 -rw-r--r--   1 root     root         1545 Nov 21 01:37 /var/cache/yum/x86_64/7Server/rhn-tools-rhel-x86_64-server-7/repomd.xml
4862657    8 -rw-r--r--   1 root     root         1545 Dec  8 01:30 /var/cache/yum/x86_64/7Server/rhel-x86_64-server-7/repomd.xml

Comment 30 errata-xmlrpc 2018-04-10 12:17:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.