Description of problem: rootsh log directory and files contained are world readable. Which is a high security risk as these files often contain sensitive information used during elevate privileged sessions Version-Release number of selected component (if applicable): rootsh-1.5.3-11.el7.x86_64 rootsh-1.5.3-11.el6 rootsh-1.5.3-11.el5 How reproducible: Always Steps to Reproduce: 1. log in as unprivileged user 2. ls -ld /var/log/rootsh 3. cat /var/log/rootsh/* Actual results: drwxr-xr-x. 2 root root 88 Dec 15 15:07 /var/log/rootsh **** output from rootsh log files **** Expected results: drwxr-x---. 2 root root 88 Dec 15 15:07 /var/log/rootsh cat: /var/log/rootsh/*: Permission denied Additional info:
rootsh-1.5.3-17.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-94665e91e0
rootsh-1.5.3-17.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d2b135d345
rootsh-1.5.3-17.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4
rootsh-1.5.3-17.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65
rootsh-1.5.3-17.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65
rootsh-1.5.3-17.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d2b135d345
rootsh-1.5.3-17.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-94665e91e0
rootsh-1.5.3-17.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4
rootsh-1.5.3-17.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
rootsh-1.5.3-17.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
rootsh-1.5.3-17.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
rootsh-1.5.3-17.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.