Do not tolerate world readable os-collect-config.conf

Bug #1463409 reported by Attila Fazekas
This bug affects 1 person
Affects: os-collect-config
Status: Confirmed
Importance: High
Assigned to: Steve Baker
Milestone: (none listed)

Bug Description

/etc/os-collect-config.conf can contain sensitive credentials.

1. It must be installed without world readability.
2. os-collect-config should refuse operations when the file is world readable.

Changed in os-collect-config:
status: New → Confirmed
importance: Undecided → High
Changed in os-collect-config:
assignee: nobody → Steve Baker (steve-stevebaker)
Steve Baker (steve-stevebaker) wrote :

I think the initial installation of /etc/os-collect-config.conf can be world-readable since it contains no secrets, but os-apply-config needs to reduce permissions when it overwrites the file.

Attila Fazekas (afazekas) wrote :

Related change: https://review.openstack.org/#/c/198155/

The usual package install policy is security by default, even if the initial version does not contain real credentials.
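
Added example, not code from os-collect-config, os-apply-config or the linked review: a sketch of the two behaviours discussed in this report, refusing a config file that other users can access and overwriting it without ever leaving it on disk with wider permissions. The function and exception names are hypothetical, and rejecting world-writable files as well goes slightly beyond what the report asks for.

```python
import os
import stat
import tempfile


class InsecureConfigError(Exception):
    """The config file is accessible to users other than owner/group."""


def check_not_world_readable(path):
    """Raise if 'other' can read (or write) path; return its mode otherwise."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # S_IROTH is the case from the report; S_IWOTH is an added assumption.
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        raise InsecureConfigError(
            "%s has mode %o; remove access for 'other' (e.g. chmod 600)"
            % (path, mode))
    return mode


def write_private(path, data):
    """Atomically replace path with a file that is 0600 from creation.

    tempfile.mkstemp() creates the file with mode 0600, so the content is
    never visible to other users, unlike write-then-chmod, which leaves a
    window in which the file has the umask-derived mode (often 0644).
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".conf-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        # rename within one directory: readers see the old or the new file,
        # and the new inode carries the restrictive mode of the temp file.
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
```

Calling the check before the file is parsed means a permissive mode stops the run before any credential is read.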
