Do not tolerate world readable os-collect-config.conf

Bug #1463409 reported by Attila Fazekas
This bug affects 1 person
Affects: os-collect-config
Importance: High
Assigned to: Steve Baker

Bug Description

/etc/os-collect-config.conf can contain sensitive credentials.

1. It must be installed without world readability.
2. os-collect-config should refuse to operate when the file is world readable.

Changed in os-collect-config:
status: New → Confirmed
importance: Undecided → High
Changed in os-collect-config:
assignee: nobody → Steve Baker (steve-stevebaker)
Steve Baker (steve-stevebaker) wrote:

I think the initial installation of /etc/os-collect-config.conf can be world-readable since it contains no secrets, but os-apply-config needs to reduce permissions when it overwrites the file.

Attila Fazekas (afazekas) wrote:

Related change: https://review.openstack.org/#/c/198155/

The usual package install policy is security by default, even if the initial version does not contain real credentials.
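
Both behaviours discussed in this report, as an added example that is not part of the bug report and is not code from os-collect-config or os-apply-config: a check that refuses a world-readable file, and an overwrite that leaves the file at mode 0600 even when the previous copy was 0644. The function names, the exception class and the sample file contents are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile


class InsecureConfigError(Exception):
    """Raised when a credentials file is readable by 'other'."""


def check_not_world_readable(path):
    """Refuse to continue if `path` grants read access to 'other'."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        raise InsecureConfigError(
            "%s is world readable (mode %04o); expected 0600" % (path, mode))
    return mode


def write_private(path, data):
    """Replace `path` with `data` via a fresh 0600 temp file and rename.

    Reopening an existing 0644 file with a 0600 mode argument would not
    tighten it: that argument only applies when the file is created."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-conf-")
    try:
        os.fchmod(fd, 0o600)  # mkstemp already uses 0600; made explicit
        with os.fdopen(fd, "w") as handle:
            handle.write(data)
        os.replace(tmp, path)  # atomic on POSIX within one filesystem
    except BaseException:
        os.unlink(tmp)
        raise


def demo():
    """Constructed scenario: loose initial file, then a credentialed rewrite."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "os-collect-config.conf")
    with open(path, "w") as handle:
        handle.write("[DEFAULT]\n")
    os.chmod(path, 0o644)  # world-readable initial install
    try:
        check_not_world_readable(path)
        refused = False
    except InsecureConfigError:
        refused = True
    write_private(path, "[DEFAULT]\npassword = constructed-sample\n")
    return refused, check_not_world_readable(path)
```

Because the secret is only ever written to the 0600 temporary file, there is no window in which the credentials sit in a world-readable file before a later chmod.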
