x509 private keys are created world-readable
Bug #1112605 reported by
Zane Bitter
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-novaclient |
Fix Released
|
Undecided
|
Zane Bitter |
Bug Description
The "nova x509-create-cert" command creates a private key file with permissions -rw-r--r--. (i.e. 0644). A more prudent approach would be to create the file with the permissions 0400, as ssh-keygen does when creating private SSH keys.
Changed in python-novaclient: | |
assignee: | nobody → Zane Bitter (zaneb) |
status: | New → In Progress |
Changed in python-novaclient: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/21007 github. com/openstack/ python- novaclient/ commit/ 0b4590cb2438b4e c1fd8842d7ae3f2 627059cabc
Committed: http://
Submitter: Jenkins
Branch: master
commit 0b4590cb2438b4e c1fd8842d7ae3f2 627059cabc
Author: Zane Bitter <email address hidden>
Date: Fri Feb 1 09:39:07 2013 +0100
Mask permissions on private key files
When using "nova x509-create-cert", the private key should be written to
a file with the permissions 0400, not (world-readable) 0644, in line
with how ssh private keys are treated.
bug 1112605
Change-Id: I0b20378efba38f a58f4ad9a33cd15 b3432ebb8a2
Signed-off-by: Zane Bitter <email address hidden>