Bug 905075 - certs downloaded via 'x509-create-cert' and 'x509-get-root-cert' commands are world-readable
certs downloaded via 'x509-create-cert' and 'x509-get-root-cert' commands are...
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-novaclient (Show other bugs)
Unspecified Unspecified
medium Severity high
: snapshot5
: 2.1
Assigned To: Jakub Ruzicka
Ami Jeain
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2013-01-28 09:18 EST by Yaniv Kaul
Modified: 2016-04-26 11:10 EDT (History)
7 users (show)

See Also:
Fixed In Version: python-novaclient-2.10.0-5.el6ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-04-04 13:59:39 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1112605 None None None Never
OpenStack gerrit 21007 None None None Never

  None (edit)
Description Yaniv Kaul 2013-01-28 09:18:33 EST
Description of problem:
When downloading EC2 certs via the nova client, the files are stored with too much permissions:
[ykaul@ykaul-os-horizon tmp(keystone_ykaul)]$ nova x509-create-cert
Wrote private key to pk.pem
Wrote x509 certificate to cert.pem
[ykaul@ykaul-os-horizon tmp(keystone_ykaul)]$ nova x509-get-root-cert
Wrote x509 root cert to cacert.pem
[ykaul@ykaul-os-horizon tmp(keystone_ykaul)]$ ls -l *.pem
-rw-r--r--. 1 ykaul ykaul 1029 2013-01-28 16:11 cacert.pem
-rw-r--r--. 1 ykaul ykaul 2547 2013-01-28 16:11 cert.pem
-rw-r--r--. 1 ykaul ykaul  891 2013-01-28 16:11 pk.pem

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 5 Ami Jeain 2013-03-19 09:24:11 EDT
verified in python-novaclient-2.10.0-7.el6ost.noarch
Comment 7 errata-xmlrpc 2013-04-04 13:59:39 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.