Bug 956472 - OpenStack glance: /var/log/glance/ is world readable
Summary: OpenStack glance: /var/log/glance/ is world readable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 956810 956815 956820
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-04-25 03:58 UTC by Kurt Seifried
Modified: 2019-09-29 13:03 UTC (History)
31 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-08-10 00:55:21 UTC
Embargoed:

Attachments (Terms of Use)

Description Kurt Seifried 2013-04-25 03:58:09 UTC 
The directory /var/log/glance is world readable and contains log files that
are readable which can result in exposure of sensitive information. We need
to remove the "other readable/execute" bits from the /var/log/glance directory

[root@rhos log]# ls -la /var/log/glance/
total 364
drwxr-xr-x.  2 glance glance   4096 Apr 24 21:37 .
drwxr-xr-x. 22 root   root     4096 Apr 24 21:37 ..
-rw-r--r--.  1 glance glance 175180 Apr 24 21:56 api.log
-rw-r--r--.  1 glance glance 175078 Apr 24 21:56 registry.log
-rw-r--r--.  1 glance glance    663 Apr 24 21:37 scrubber.log

At this	time this is a security hardening issue.
Comment 1 Kurt Seifried 2013-04-25 17:25:54 UTC 
Created openstack-glance tracking bugs for this issue

Affects: epel-6 [bug 956810]
Comment 2 Kurt Seifried 2013-04-25 17:28:25 UTC 
Created openstack-glance tracking bugs for this issue

Affects: fedora-all [bug 956815]
Comment 5 Fedora Update System 2013-11-21 04:40:16 UTC 
openstack-glance-2013.1.4-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2013-12-28 23:41:18 UTC 
openstack-glance-2013.2.1-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.