Andreas Beckmann debian reports: openvswitch-pki creates the following world writable directories during installation: drwx-wx-wx 2 root root 40 Aug 1 05:32 /var/lib/openvswitch/pki/controllerca/incoming drwx-wx-wx 2 root root 40 Aug 1 05:32 /var/lib/openvswitch/pki/switchca/incoming Even if an ordinary local user cannot list the contents of the directory, he may correctly derive/guess filenames (unless they are exclusively $(mktemp)) and delete and replace files in there. I don't know how openvswitch-pki works, how it uses this directory, what probelms could possibly arise out of this. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665 Please note on Fedora 16 and 17 run the command: /usr/bin/ovs-pki --force init to create the directories.
Created openvswitch tracking bugs for this issue Affects: fedora-all [bug 845351]
Fixes pushed to all affected Fedora versions.
See comment #c2