Bug 1526255 - rootsh log directory is world readable
Summary: rootsh log directory is world readable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: rootsh
Version: epel7
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Tom "spot" Callaway
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-12-15 04:18 UTC by Aaron Howell
Modified: 2018-03-22 16:42 UTC (History)
1 user (show)

Fixed In Version: rootsh-1.5.3-17.fc26 rootsh-1.5.3-17.fc27 rootsh-1.5.3-17.el7 rootsh-1.5.3-17.el6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-01-18 21:11:00 UTC


Attachments (Terms of Use)

Description Aaron Howell 2017-12-15 04:18:30 UTC
Description of problem:
rootsh log directory and files contained are world readable. Which is a high security risk as these files often contain sensitive information used during elevate privileged sessions

Version-Release number of selected component (if applicable):
rootsh-1.5.3-11.el7.x86_64
rootsh-1.5.3-11.el6
rootsh-1.5.3-11.el5

How reproducible:
Always

Steps to Reproduce:
1. log in as unprivileged user
2. ls -ld /var/log/rootsh
3. cat /var/log/rootsh/*

Actual results:
drwxr-xr-x. 2 root root 88 Dec 15 15:07 /var/log/rootsh
**** output from rootsh log files ****

Expected results:
drwxr-x---. 2 root root 88 Dec 15 15:07 /var/log/rootsh
cat: /var/log/rootsh/*: Permission denied

Additional info:

Comment 1 Fedora Update System 2018-01-10 19:06:32 UTC
rootsh-1.5.3-17.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-94665e91e0

Comment 2 Fedora Update System 2018-01-10 19:06:43 UTC
rootsh-1.5.3-17.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d2b135d345

Comment 3 Fedora Update System 2018-01-10 19:06:53 UTC
rootsh-1.5.3-17.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4

Comment 4 Fedora Update System 2018-01-10 19:07:03 UTC
rootsh-1.5.3-17.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65

Comment 5 Fedora Update System 2018-01-11 15:12:47 UTC
rootsh-1.5.3-17.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65

Comment 6 Fedora Update System 2018-01-11 23:08:19 UTC
rootsh-1.5.3-17.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d2b135d345

Comment 7 Fedora Update System 2018-01-11 23:42:11 UTC
rootsh-1.5.3-17.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-94665e91e0

Comment 8 Fedora Update System 2018-01-11 23:57:41 UTC
rootsh-1.5.3-17.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-752a7c9ad4

Comment 9 Fedora Update System 2018-01-18 21:11:00 UTC
rootsh-1.5.3-17.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2018-01-18 21:30:44 UTC
rootsh-1.5.3-17.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2018-03-22 16:36:27 UTC
rootsh-1.5.3-17.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2018-03-22 16:42:15 UTC
rootsh-1.5.3-17.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.