Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2015-4053 world-readable permissions on client.admin key #300

Merged
merged 7 commits into from May 25, 2015
Merged

Fix CVE-2015-4053 world-readable permissions on client.admin key #300

merged 7 commits into from May 25, 2015

Commits on May 21, 2015

  1. [RM-11694] Require at least one host for 'admin' 

    Signed-off-by: Travis Rhoden <trhoden@redhat.com>
    Travis Rhoden committed May 21, 2015
    Copy the full SHA
    6fc7f7f View commit details
    Browse the repository at this point in the history

  2. [RM-11694] Add CLI test for "ceph-deploy admin" 

    Signed-off-by: Travis Rhoden <trhoden@redhat.com>
    Travis Rhoden committed May 21, 2015
    Copy the full SHA
    debc762 View commit details
    Browse the repository at this point in the history

  3. [RM-11694] Remove extraneous line 

    No need to get to the shortname of the host -- it was never used
and was also overwriting the variable used in the loop.

Signed-off-by: Travis Rhoden <trhoden@redhat.com>
    Travis Rhoden committed May 21, 2015
    Copy the full SHA
    ab240e3 View commit details
    Browse the repository at this point in the history

Commits on May 22, 2015

  1. [RM-11694] Add optional directory to write_file() 

    This is mostly for testing purposes.  The method has no way to
specify a directory independently from the file name, which it
makes it difficult to use with automated tests.  It will get
refactored more later, but for now add a new kwarg that pass
in a dir to write to.  Since a lot of callers are passing in
absolute paths (.e.g. "/etc/ceph/keyring"), we look for the
beginning slash and chop it off so that we can use os.path.join()
and write into something like /tmp/etc/ceph.

Signed-off-by: Travis Rhoden <trhoden@redhat.com>
    Travis Rhoden committed May 22, 2015
    Copy the full SHA
    628bd9e View commit details
    Browse the repository at this point in the history

  2. [RM-11694] Add test for admin key file permissions 

    Signed-off-by: Travis Rhoden <trhoden@redhat.com>
    Travis Rhoden committed May 22, 2015
    Copy the full SHA
    78fe41a View commit details
    Browse the repository at this point in the history

  3. [RM-11694] Add file mode option to write_file() 

    You an now pass a file mode to write_file with "mode=" and
it will set the file mode that after writing the file.

Signed-off-by: Travis Rhoden <trhoden@redhat.com>
    Travis Rhoden committed May 22, 2015
    Copy the full SHA
    5368d9d View commit details
    Browse the repository at this point in the history

  4. [RM-11694] Always write admin keyring with mode 0600 

    Signed-off-by: Travis Rhoden <trhoden@redhat.com>
    Travis Rhoden committed May 22, 2015
    Copy the full SHA
    8ef6d41 View commit details
    Browse the repository at this point in the history