698984 – v7 sets /var/v7/store as world-writeable

Bug 698984 - v7 sets /var/v7/store as world-writeable

Summary: v7 sets /var/v7/store as world-writeable

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Hardware Certification Program
Classification:	Retired
Component:	Test Suite (harness)
Sub Component:
Version:	1.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	Greg Nichols
QA Contact:	Red Hat Kernel QE team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-04-22 14:12 UTC by Greg Nichols
Modified:	2011-05-09 16:12 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-05-09 16:12:14 UTC

Attachments	(Terms of Use)
Makefile patch changing initialization ownership of /var/v7/store to apache (552 bytes, patch) 2011-04-22 14:15 UTC, Greg Nichols	no flags	Details \| Diff
v7 spec file patch setting ownership of /var/v7 to apache (533 bytes, patch) 2011-04-26 15:21 UTC, Greg Nichols	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:0497	0	normal	SHIPPED_LIVE	v7 bug fix and enhancement update	2011-05-09 16:11:16 UTC

Description Greg Nichols 2011-04-22 14:12:02 UTC

Description of problem:

v7 sets the directory /var/v7/store as writeable by everyone.   It should set this directory as owned by apache, and restrict writes to apache.

This directory is used by the server to support network testing; a v7 cgi writes to this directory during the network test, and serves files for verification.


Version-Release number of selected component (if applicable):

v7 1.3 R35

Comment 2 Greg Nichols 2011-04-22 14:15:04 UTC

Created attachment 494230 [details]
Makefile patch changing initialization ownership of /var/v7/store to apache

Comment 3 Greg Nichols 2011-04-26 15:21:30 UTC

Created attachment 494948 [details]
v7 spec file patch setting ownership of /var/v7 to apache

Comment 7 Caspar Zhang 2011-05-01 10:10:13 UTC

This bug does not need a Tech Note because of:

1. A Red Hatter reported it
2. It only happened in an intermediate version.

Comment 8 errata-xmlrpc 2011-05-09 16:12:14 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0497.html

Note You need to log in before you can comment on or make changes to this bug.