[katello-devel] CVE-2012-5561 - /etc/katello/secure is world readable

Jordan OMara jomara at redhat.com
Thu Jan 3 22:01:27 UTC 2013


/etc/katello/secure/passphrase is currently world readable, presenting
a minor security vulnerability.

I just submitted https://github.com/Katello/katello/pull/1349 to fix
this issue. Here's what it does:

1. apply umask 0007 before passphrase creation
2. create katello_shared group
3. add katello + tomcat to katello_shared group
4. chgrp katello_shared on /etc/katello/secure

Keep this in mind if in the future foreman, pulp, etc. need access to
this directory.
-- 
Jordan O'Mara <jomara at redhat.com>
Red Hat Engineering, Raleigh 
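
The effect of step 1 in the message above, shown as an added example that is not part of the original post or of the Katello pull request: a secret created under a common default umask of 0022 is compared with one created under umask 0007, and a small audit reports anything that still grants access to "other". Assumptions: a temporary directory stands in for /etc/katello/secure, the function names are hypothetical, and the group steps (2 to 4) are not reproduced because they need root.

```shell
#!/bin/sh
# Added example: a temp directory stands in for /etc/katello/secure.

# Print every entry under $1 that grants any permission to "other".
# Returns 0 when nothing is exposed, 1 otherwise.
world_accessible() {
    found=$(find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Create a secret directory and passphrase file under the given umask.
# Runs in a subshell so the caller's umask is left unchanged.
create_secret() {  # $1 = directory, $2 = umask
    (
        umask "$2"
        mkdir -p "$1"
        printf 'constructed-sample-passphrase\n' > "$1/passphrase"
    )
}

# Symbolic mode of a path, e.g. "-rw-rw----" (first 10 chars of ls -ld).
mode_of() { ls -ld "$1" | cut -c1-10; }

demo() {
    base=$(mktemp -d)
    create_secret "$base/before" 0022   # common default umask
    create_secret "$base/after" 0007    # umask from step 1 of the message
    for d in before after; do
        printf '%s: dir=%s file=%s\n' "$d" \
            "$(mode_of "$base/$d")" "$(mode_of "$base/$d/passphrase")"
        if world_accessible "$base/$d" >/dev/null; then
            echo "  ok: no access for other"
        else
            echo "  EXPOSED: accessible outside owner and group"
        fi
    done
    rm -rf "$base"
}

demo
```

With umask 0007 the owner and group keep full access, which is why the remaining steps put katello and tomcat in one shared group that owns the directory.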