Bug 956472 - OpenStack glance: /var/log/glance/ is world readable
OpenStack glance: /var/log/glance/ is world readable
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20130424,repor...
: Security
Depends On: 956810 956815 956820
Blocks:
  Show dependency treegraph
 
Reported: 2013-04-24 23:58 EDT by Kurt Seifried
Modified: 2016-04-26 15:57 EDT (History)
31 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-09 20:55:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kurt Seifried 2013-04-24 23:58:09 EDT
The directory /var/log/glance is world readable and contains log files that
are readable which can result in exposure of sensitive information. We need
to remove the "other readable/execute" bits from the /var/log/glance directory

[root@rhos log]# ls -la /var/log/glance/
total 364
drwxr-xr-x.  2 glance glance   4096 Apr 24 21:37 .
drwxr-xr-x. 22 root   root     4096 Apr 24 21:37 ..
-rw-r--r--.  1 glance glance 175180 Apr 24 21:56 api.log
-rw-r--r--.  1 glance glance 175078 Apr 24 21:56 registry.log
-rw-r--r--.  1 glance glance    663 Apr 24 21:37 scrubber.log

At this	time this is a security hardening issue.
Comment 1 Kurt Seifried 2013-04-25 13:25:54 EDT
Created openstack-glance tracking bugs for this issue

Affects: epel-6 [bug 956810]
Comment 2 Kurt Seifried 2013-04-25 13:28:25 EDT
Created openstack-glance tracking bugs for this issue

Affects: fedora-all [bug 956815]
Comment 5 Fedora Update System 2013-11-20 23:40:16 EST
openstack-glance-2013.1.4-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2013-12-28 18:41:18 EST
openstack-glance-2013.2.1-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.