At first glance, the only way I could see these flaws in permissions handling being exploited is if they were made writeable to some other user, and no serious umask should allow that.
But this should definitely be tightened with permissions set across the board, rather than let the current user running keystone-manage mess them up... I think we can open this one up and patch it publicly, no need for an embargoed advisory ?
At first glance, the only way I could see these flaws in permissions handling being exploited is if they were made writeable to some other user, and no serious umask should allow that.
But this should definitely be tightened with permissions set across the board, rather than let the current user running keystone-manage mess them up... I think we can open this one up and patch it publicly, no need for an embargoed advisory ?