x509 private keys are created world-readable
Bug #1112605 reported by
Zane Bitter
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| python-novaclient |
Fix Released
|
Undecided
|
Zane Bitter | ||
Bug Description
The "nova x509-create-cert" command creates a private key file with permissions -rw-r--r--. (i.e. 0644). A more prudent approach would be to create the file with the permissions 0400, as ssh-keygen does when creating private SSH keys.
| Changed in python-novaclient: | |
| assignee: | nobody → Zane Bitter (zaneb) |
| status: | New → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to python-novaclient (master) | #1 |
| Changed in python-novaclient: | |
| status: | In Progress → Fix Committed |
| Changed in python-novaclient: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Reviewed: https:/
Committed: http://
Submitter: Jenkins
Branch: master
commit 0b4590cb2438b4e
Author: Zane Bitter <email address hidden>
Date: Fri Feb 1 09:39:07 2013 +0100
Mask permissions on private key files
When using "nova x509-create-cert", the private key should be written to
a file with the permissions 0400, not (world-readable) 0644, in line
with how ssh private keys are treated.
bug 1112605
Change-Id: I0b20378efba38f
Signed-off-by: Zane Bitter <email address hidden>