Bug 1571247 - engine-backup creates backup file with too permissive mode
Summary: engine-backup creates backup file with too permissive mode
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: Backup-Restore.Engine
Version: 4.2.3.2
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ovirt-4.3.0
: 4.3.0
Assignee: Asaf Rachmani
QA Contact: Lukas Svaty
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-24 11:55 UTC by Jiri Belka
Modified: 2019-02-13 07:48 UTC (History)
2 users (show)

Fixed In Version: ovirt-engine-4.3.0_alpha
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-13 07:48:01 UTC
oVirt Team: Integration
Embargoed:
ylavi: ovirt-4.3+


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 90794 0 master MERGED packaging: engine-backup: Update files permissions 2018-05-07 06:59:06 UTC

Description Jiri Belka 2018-04-24 11:55:59 UTC
Description of problem:

result of my engine-backup run:

# engine-backup --file=/tmp/backup-test --log=/tmp/backup-test.log --mode=backup
Backing up:
Notifying engine
- Files
- Engine database 'engine'
- DWH database 'ovirt_engine_history'
Packing into file '/tmp/backup-test'
Notifying engine
Done.

# ls -l /tmp/backup-test*
-rw-r--r--. 1 root root 156955518 Apr 24 13:45 /tmp/backup-test
-rw-r--r--. 1 root root      3209 Apr 24 13:45 /tmp/backup-test.log

let's assume some user could use world-accessible dir as destination directory - eg. /tmp - thus backup file could be readable by world.

it seems like changing umask could be enough, not tested at all.

Version-Release number of selected component (if applicable):
ovirt-engine-tools-backup-4.2.3-0.1.el7.noarch

How reproducible:
100%

Steps to Reproduce:
1. run engine-backup in backup mode
2. check unix rights (DAC) on the file
3.

Actual results:
0644

Expected results:
'all' should not have 'r', maybe group too

Additional info:

Comment 1 Jiri Belka 2018-08-30 07:32:17 UTC
ok,

# rpm -qf `which engine-backup`
ovirt-engine-tools-backup-4.3.0-0.0.master.20180828114844.git0bc18b1.el7.noarch


# ls -l /tmp/backup*
-rw-------. 1 root root 864857 Aug 29 21:02 /tmp/backup-test
-rw-------. 1 root root   3239 Aug 29 21:02 /tmp/backup-test.log

Comment 3 Sandro Bonazzola 2018-11-02 14:29:01 UTC
This bugzilla is included in oVirt 4.2.7 release, published on November 2nd 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.7 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Comment 4 Sandro Bonazzola 2018-11-02 14:59:40 UTC
Closed by mistake, moving back to qa -> verified

Comment 5 Sandro Bonazzola 2019-02-13 07:48:01 UTC
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.