nova-secret world readable
Bug #1519088 reported by
Bjoern
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Fix Released
|
Medium
|
Bjoern | ||
Kilo |
Fix Released
|
Medium
|
Jesse Pretorius | ||
Liberty |
Fix Released
|
Medium
|
Jesse Pretorius | ||
Trunk |
Fix Released
|
Medium
|
Bjoern |
Bug Description
Whenever the ceph_client | Define libvirt nova secret task fail, it leaves a nova-secret file behind with open permissions.
At the very least I would limit read access to root only so no one can snoop the client.cinder secret.
The permissions currently rolled out are 644 and should be set to 600
Changed in openstack-ansible: | |
assignee: | nobody → Bjoern Teipel (bjoern-teipel) |
status: | New → In Progress |
Changed in openstack-ansible: | |
importance: | Undecided → Medium |
information type: | Public → Public Security |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/248904
Review: https:/