Default file mode now 0600 instead of 0644 (regression in CVE-2013-4969 fix)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
puppet (Ubuntu) | Fix Released | Undecided | Marc Deslauriers |
Precise | Fix Released | Undecided | Marc Deslauriers |
Quantal | Fix Released | Undecided | Marc Deslauriers |
Raring | Fix Released | Undecided | Marc Deslauriers |
Saucy | Fix Released | Undecided | Marc Deslauriers |
Trusty | Fix Released | Undecided | Marc Deslauriers |
Bug Description
The fix for CVE-2013-4969 (tempfile vulnerability) contained a regression affecting the default file mode if none is specified on a file resource. This has been fixed in upstream 3.4.2 and 2.7.25.
Upstream bug: https:/
Please apply the following patch from 2.7.x to fix the issue:
https:/
This currently affects the Foreman installer as some resources in our modules rely on this behaviour.
Reproduced on Ubuntu 12.04 with puppet 2.7.11-1ubuntu2.6:
# puppet apply -e 'file { "/tmp/a": content => "foo" }'
notice: /Stage[
notice: Finished catalog run in 0.08 seconds
# ls -l /tmp/a
-rw------- 1 root root 3 Jan 9 09:13 /tmp/a
||/ Name Version Description
+++-===
ii puppet 2.7.11-1ubuntu2.6 Centralized configuration management - agent startup and
Thank you for taking the time to report this bug and helping to make Ubuntu better.
I have verified that the test case provided demonstrates a regression between 2.7.11-1ubuntu2 and 2.7.11-1ubuntu2.6 as described here and in the upstream ticket.
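
An illustration of how a tempfile-based atomic write can produce the 0600 default reported above, and how applying the umask-derived mode before the rename avoids it. This is an added example, not Puppet's code or the upstream patch; `write_atomically`, its `restore_default` flag and `demo` are hypothetical names, and it assumes the regression came from the temp file's creation mode carrying over to the target.

```ruby
require 'tempfile'
require 'tmpdir'

# Hypothetical helper (not Puppet's code): write to a Tempfile in the target's
# directory, then rename it over the target. mode: nil means the caller gave
# no mode, as in a file resource without a "mode" attribute.
def write_atomically(path, content, mode: nil, restore_default: true)
  tmp = Tempfile.new(File.basename(path), File.dirname(path))
  begin
    tmp.write(content)
    tmp.close
    # Tempfile creates its file 0600, and rename(2) keeps that mode.
    effective = mode
    if effective.nil? && restore_default
      # Default a plain create would get: 0666 masked by the process umask.
      effective = 0o666 & ~File.umask
    end
    # chmod before rename, so the target never appears with the wrong mode.
    File.chmod(effective, tmp.path) if effective
    File.rename(tmp.path, path)
  ensure
    tmp.close! # removes the temp file if the rename did not happen
  end
  File.stat(path).mode & 0o7777
end

# Constructed scenario: new files in a scratch directory, umask 022.
def demo
  Dir.mktmpdir do |dir|
    old = File.umask(0o022)
    begin
      {
        regressed: write_atomically(File.join(dir, 'a'), 'foo', restore_default: false),
        fixed:     write_atomically(File.join(dir, 'b'), 'foo'),
        explicit:  write_atomically(File.join(dir, 'c'), 'foo', mode: 0o640)
      }
    ensure
      File.umask(old)
    end
  end
end

demo.each { |name, m| puts format('%-9s %04o', name, m) } if __FILE__ == $0
```

Comparing the mode of a freshly created, mode-less file against `0666 & ~umask` in this way also works as a regression check after applying the packaged fix.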