vm-builder images and configuration files should not be world readable
Bug #386463 reported by
Dustin Kirkland
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| vm-builder (Ubuntu) |
Confirmed
|
Medium
|
Unassigned | ||
| Lucid |
Won't Fix
|
Medium
|
Unassigned | ||
Bug Description
From yann2 in #ubuntu-virt:
"Permissions incorrect? libvirt group users should be able to access /etc/libvirt/qemu/* - images generated by ubuntuvmbuilder are readable by the world (not good at all imho)"
It is request by this user that vm-builder configs and images are not created world-readable.
:-Dustin
Revision history for this message
| Dustin Kirkland (kirkland) wrote | #1 |
| security vulnerability: | yes → no |
| visibility: | private → public |
| Changed in vm-builder (Ubuntu): | |
| assignee: | nobody → Soren Hansen (soren) |
| status: | New → Confirmed |
| Changed in vm-builder (Ubuntu): | |
| assignee: | Soren Hansen (soren) → nobody |
| assignee: | nobody → Canonical Security Team (canonical-security) |
Revision history for this message
| Kees Cook (kees) wrote | #2 |
| Changed in vm-builder (Ubuntu): | |
| assignee: | Canonical Security Team (canonical-security) → Soren Hansen (soren) |
| Changed in vm-builder (Ubuntu): | |
| importance: | Undecided → Medium |
| Changed in vm-builder (Ubuntu): | |
| milestone: | none → ubuntu-10.04 |
| Changed in vm-builder (Ubuntu Lucid): | |
| milestone: | ubuntu-10.04 → none |
| Changed in vm-builder (Ubuntu): | |
| assignee: | Soren Hansen (soren) → nobody |
| Changed in vm-builder (Ubuntu Lucid): | |
| assignee: | Soren Hansen (soren) → nobody |
Revision history for this message
| Rolf Leggewie (r0lf) wrote | #3 |
| Changed in vm-builder (Ubuntu Lucid): | |
| status: | Confirmed → Won't Fix |
To post a comment you must log in.
Unmarked security, per irc discussion with the security team.
They'll comment further.
:-Dustin