Red Hat Bugzilla – Bug 828447
CVE-2012-5605 Cloudforms grinder: /var/lib/pulp/cache/grinder directory is world-writeable.
Last modified: 2015-01-04 16:59:25 EST
Description of problem:
The /var/lib/pulp/cache/grinder directory is world-writeable
This might be a blocker of https://bugzilla.redhat.com/show_bug.cgi?id=813571. at a minimum it provides more information.
Errr, i meant dupe, not blocker.
gofer != grinder so I'd say this isn't a dupe.
We are able to fix this in our installer, but I guess it's better to change this in the RPM itself.
fixed in grinder in commit 41ae9d47c4e3db84b5637cc6b6bdd001a7bdc47e
# ls -ld /var/lib/pulp/cache/grinder/
drwxr-x---. 3 apache apache 4096 Jul 5 09:12 /var/lib/pulp/cache/grinder/
I have got the grinder version of: grinder-0.0.149-1.el6cf.noarch and it is _not_ fixed.
One can see:
drwxrwxrwx. 3 apache apache 4096 Sep 19 07:46 /var/lib/pulp/cache/grinder/
... and grinder-0.0.150-1.el6cf.noarch has the fix!
now one can see:
drwxr-x---. 3 apache apache 4096 Oct 3 11:02 /var/lib/pulp/cache/grinder/
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.