console.ring files should not be world readable
Bug #929780 reported by
James Troup
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nova (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
-rw-r--r-- 1 nova nova 65545 2011-10-27 01:41 /srv/nova/
I don't believe that an unprivileged user on a compute node should be
able to read the console output for any instances running on that
node.
Changed in nova (Ubuntu): | |
importance: | Undecided → High |
tags: | added: rls-p-tracking |
tags: | added: canonistack |
To post a comment you must log in.
I'd expect the protection to be on /srv/nova/ instances/ instance- 0000045b in that example, or even further up. An unprivileged user on a compute node shouldn't even be able to get into that directory.