Bug 845336 – /var/run/tuned/tuned.pid created with insecure permissions

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 845336 - /var/run/tuned/tuned.pid created with insecure permissions

Summary:	/var/run/tuned/tuned.pid created with insecure permissions

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	tuned (Show other bugs)
Sub Component:
Version:	6.3
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	rc
Target Release:	---
Assigned To:	Jan Vcelak
QA Contact:	qe-baseos-daemons
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	CVE-2012-6136
	Show dependency tree / graph

Reported:	2012-08-02 13:25 EDT by Aron Parsons
Modified:	2013-03-06 18:34 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	tuned-0.2.19-8.el6
Doc Type:	Bug Fix
Doc Text:	Cause: tuned service started Consequence: tuned PID file is crated with world-writable permissions Fix: applied patch to create the file with secure permissions Result: tuned PID file is not world-writable
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-02-21 05:05:13 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:0386	normal	SHIPPED_LIVE	tuned bug fix update	2013-02-20 15:51:53 EST

Groups: None (edit)

Description Aron Parsons 2012-08-02 13:25:17 EDT

Description of problem:
tuned's PID file is created with insecure permissions.  /usr/sbin/tuned explicitly sets its umask to 0; it should either not do this and inherit the umask from its init script or set it to something sane, like 022. 

Version-Release number of selected component (if applicable):
tuned-0.2.19-7.el6.noarch

How reproducible:
always

Steps to Reproduce:
1. yum -y install tuned
2. service tuned start
3. ls -l /var/run/tuned/tuned.pid
  
Actual results:
666

Expected results:
644

Comment 2 RHEL Product and Program Management 2012-09-14 12:10:50 EDT

This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.

Comment 4 Jan Vcelak 2012-09-24 09:12:17 EDT

http://git.fedorahosted.org/cgit/tuned.git/commit/?h=1.0&id=9e8f670

Comment 5 Jan Vcelak 2012-09-27 10:32:19 EDT

Resolved in tuned-0.2.19-8.el6

Comment 9 errata-xmlrpc 2013-02-21 05:05:13 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0386.html

Note You need to log in before you can comment on or make changes to this bug.