Python client library for Nova

x509 private keys are created world-readable

Reported by Zane Bitter on 2013-02-01
This bug affects 1 person
Affects: python-novaclient
Importance: Undecided
Assigned to: Zane Bitter

Bug Description

The "nova x509-create-cert" command creates a private key file with permissions -rw-r--r-- (i.e. 0644). A more prudent approach would be to create the file with the permissions 0400, as ssh-keygen does when creating private SSH keys.

Changed in python-novaclient:
assignee: nobody → Zane Bitter (zaneb)
status: New → In Progress

Reviewed: https://review.openstack.org/21007
Committed: http://github.com/openstack/python-novaclient/commit/0b4590cb2438b4ec1fd8842d7ae3f2627059cabc
Submitter: Jenkins
Branch: master

commit 0b4590cb2438b4ec1fd8842d7ae3f2627059cabc
Author: Zane Bitter <email address hidden>
Date: Fri Feb 1 09:39:07 2013 +0100

    Mask permissions on private key files

    When using "nova x509-create-cert", the private key should be written to
    a file with the permissions 0400, not (world-readable) 0644, in line
    with how ssh private keys are treated.

    bug 1112605

    Change-Id: I0b20378efba38fa58f4ad9a33cd15b3432ebb8a2
    Signed-off-by: Zane Bitter <email address hidden>

Changed in python-novaclient:
status: In Progress → Fix Committed
Changed in python-novaclient:
status: Fix Committed → Fix Released
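
An added example, not python-novaclient's code and not the committed change: one way to create a private key file so that it is owner-only from the moment it exists, compared with a plain open() under a typical 022 umask. The function names, file names and key text are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile


def write_private_key(path, pem_text, mode=0o400):
    """Create `path` with owner-only permissions from the first moment it exists."""
    # O_EXCL refuses to reuse an existing file (which would keep its old, possibly
    # lax mode) and refuses to follow a symlink already present at `path`.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        # The umask can only remove bits from the requested mode; fchmod pins it.
        os.fchmod(fd, mode)
        with os.fdopen(fd, "w") as f:
            fd = None  # the file object now owns the descriptor
            f.write(pem_text)
    finally:
        if fd is not None:
            os.close(fd)


def group_or_other_bits(path):
    """Return the permission bits granted to group/other (0 means owner-only)."""
    return stat.S_IMODE(os.lstat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO)


def demo():
    """Write the same constructed key text both ways and return the resulting modes."""
    pem = "-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n-----END PRIVATE KEY-----\n"
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "weak_pk.pem")
            safe = os.path.join(d, "safe_pk.pem")
            with open(weak, "w") as f:  # default 0666 & ~022 = 0644
                f.write(pem)
            write_private_key(safe, pem)
            return (stat.S_IMODE(os.lstat(weak).st_mode),
                    stat.S_IMODE(os.lstat(safe).st_mode),
                    group_or_other_bits(weak),
                    group_or_other_bits(safe))
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print([oct(v) for v in demo()])
```

Passing the mode to os.open() avoids the window that an open() followed by chmod() leaves, during which the file exists with the wider default permissions.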