Fix: keyring permissions where world readable #272
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Reported in https://bugzilla.suse.com/show_bug.cgi?id=920926 by Andreas Stieger <astieger@suse.com> Before thsi fix to umask for keyring handling, After execution of ceph-deploy, all keyrings have mode 644. The documented ceph-deploy procedure by creating a dedicated admin user, and keys will be readable to all other (non-admin) users as well, thus leaking authentication credentials. The fix uses umask to resolve the writing of keyfiles. Signed-off-by: Owen Synge <osynge@suse.com>
|
Refer to this link for build results (access rights to CI server needed): |
codenrhoden
added a commit
that referenced
this pull request
Mar 20, 2015
Fix: keyring permissions where world readable
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reported in https://bugzilla.suse.com/show_bug.cgi?id=920926
by Andreas Stieger astieger@suse.com
Before thsi fix to umask for keyring handling, After execution
of ceph-deploy, all keyrings have mode 644.
The documented ceph-deploy procedure by creating a dedicated
admin user, and keys will be readable to all other (non-admin)
users as well, thus leaking authentication credentials.
The fix uses umask to resolve the writing of keyfiles.
Signed-off-by: Owen Synge osynge@suse.com