It was reported that the pulp-gen-nodes-certificate script uses insecurely created temporary files for storing the generated node certificates, allowing local attackers to leak the keys or overwrite arbitrary files via a symlink.
Acknowledgments: Name: Jeremy Cline (Red Hat), Sander Bos
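The report above describes key material written to insecurely created temporary files. The following is an added example, not the Pulp patch or code from the project, showing one defensive pattern for a shell script that generates keys. All function and file names are hypothetical, the key generator is a constructed stand-in, and the destination directory is assumed to be writable only by the invoking user.

```shell
#!/bin/sh
# Added example: private scratch space for generated key material.
# Function and file names are hypothetical, not taken from Pulp.

# Create an unpredictable, private scratch directory. mktemp -d creates
# it atomically with mode 0700 and never reuses an existing name, so a
# pre-planted file or symlink in the shared temp dir cannot be hit.
make_private_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/nodecert.XXXXXXXXXX"
}

# Write stdin to a path that must not exist yet. With noclobber (set -C)
# the redirection fails for an existing regular file, reached directly
# or through a symlink, and for a dangling symlink. umask 077 keeps the
# new file at mode 0600.
write_new_file() {
    ( umask 077; set -C; cat > "$1" ) 2>/dev/null
}

# Stand-in for the real key generator (constructed placeholder data).
generate_placeholder_key() {
    printf '%s\n' 'CONSTRUCTED-PLACEHOLDER-KEY-MATERIAL'
}

# Generate inside the private directory, move the result to its final
# location, and always remove the scratch directory afterwards.
install_generated_key() {
    dest=$1
    work=$(make_private_workdir) || return 1
    if ! generate_placeholder_key | write_new_file "$work/node.key"; then
        rm -rf "$work"
        return 1
    fi
    mv -f "$work/node.key" "$dest"
    status=$?
    rm -rf "$work"
    return $status
}
```
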
Created attachment 1145990: Proposed patch
Created attachment 1146475: Proposed patch
I am attaching a revised version of the patch that removes the unneeded umask statement, and credits jcline in the commit message.
This is reported upstream as #1830 and is fixed by PR #2528:
https://pulp.plan.io/issues/1830
https://github.com/pulp/pulp/pull/2528
The Pulp upstream bug status is at CLOSED - WORKSFORME. Updating the external tracker on this bug.
The Pulp upstream bug priority is at Low. Updating the external tracker on this bug.
This issue has been addressed in the following products:
Red Hat Satellite 6.2, via RHSA-2016:1501