Bug 956474 - OpenStack keystone: /var/log/keystone/ is world readable
Summary: OpenStack keystone: /var/log/keystone/ is world readable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 956809 956814 956819
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-04-25 04:01 UTC by Kurt Seifried
Modified: 2019-09-29 13:03 UTC (History)
20 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-08 03:32:20 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0806 0 normal SHIPPED_LIVE Low: openstack-keystone security and bug fix update 2013-05-09 22:13:52 UTC

Description Kurt Seifried 2013-04-25 04:01:11 UTC 
The directory /var/log/keystone is world readable and contains log files that
are readable which can result in exposure of sensitive information. We need
to remove the "other readable/execute" bits from the /var/log/keystone directory

[root@rhos log]# ls -la /var/log/keystone
total 8
drwxr-xr-x.  2 keystone keystone 4096 Apr 24 21:37 .
drwxr-xr-x. 22 root     root     4096 Apr 24 21:37 ..
-rw-r--r--.  1 keystone keystone    0 Apr 24 21:37 keystone.log

At this time this is a security hardening issue.
Comment 1 Kurt Seifried 2013-04-25 17:25:29 UTC 
Created openstack-keystone tracking bugs for this issue

Affects: epel-6 [bug 956809]
Comment 2 Kurt Seifried 2013-04-25 17:27:56 UTC 
Created openstack-keystone tracking bugs for this issue

Affects: fedora-all [bug 956814]
Comment 5 errata-xmlrpc 2013-05-09 18:17:22 UTC 
This issue has been addressed in following products:

  OpenStack Folsom for RHEL 6

Via RHSA-2013:0806 https://rhn.redhat.com/errata/RHSA-2013-0806.html
Comment 6 Fedora Update System 2013-05-22 01:29:22 UTC 
openstack-keystone-2012.2.4-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2013-07-12 19:37:36 UTC 
openstack-keystone-2012.2.4-5.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-07-20 09:32:02 UTC 
openstack-keystone-2013.1.2-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.