Comment 4 for bug 409777
Revision history for this message
| chris grzegorczyk (chris-grze) wrote Re: [Bug 409777] Re: credentials zip file should pack files with permissions 600 | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Sadly, the change is not trivial since it would require implementing
support for permissions in java.util.zip.*
Shelling out is not an option since the contents of the zip never
actually exist as files.
On Fri, Jan 29, 2010 at 10:54 AM, Dustin Kirkland
<email address hidden> wrote:
> Chris, can you bang this trivial change into 1.6.2?
>
> --
> credentials zip file should pack files with permissions 600
> https:/
> You received this bug notification because you are a bug assignee.
>
> Status in Eucalyptus: Confirmed
> Status in “eucalyptus” package in Ubuntu: Triaged
>
> Bug description:
> You can download credentials from the web site in a packed zipfile.
>
> When this file is unzipped, some relatively sensitive information is unpacked, including keys and credentials.
>
> When creating the zipfile, these files should be permissioned appropriately, such as 600.
>
> :-Dustin
>
>
>
--
Chris Grzegorczyk
Co-Founder and Engineer
Eucalyptus Systems, Inc.
130 Castilian St. | Goleta, CA | 93117
Office: 805-968-1400 x e^1 | Cell: 805-807-8237
Email: <email address hidden>
www.eucalyptus.com
_______