Bug #11110

Check permissions on /var/rudder files, particularly modified-files

Added by Alexis MOUSSET almost 3 years ago. Updated 11 months ago.

Status: Released
Priority: N/A
Category: System techniques
Target version:
Severity: Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility: Operational - other Techniques | Technique editor | Rudder settings
Effort required: Very Small
Priority: 0

Description

Modified files have the permissions of the modified files, which can lead to them being world-readable, as the folder itself is 755.

For example, if I edit a 644 file in a 700 directory, it will be 644 in the modified-files, and accessible to everybody. There should be no need for modified-files to be world-readable, and we should enforce 700 for it.

#1

Updated by Benoît PECCATTE almost 3 years ago

We should change the permissions of the directory, but not the ones of the files; it contains backup information that should not be lost.
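The exposure described in this ticket and the directory-only fix from comment #1, reproduced as an added example (not part of the ticket or of Rudder's code). The temporary paths and the file name are constructed stand-ins for /var/rudder/modified-files, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Constructed demo in a throwaway directory; paths are stand-ins,
# not Rudder's real layout. Assumes GNU coreutils `stat -c`.

# Octal permission bits of a path, e.g. 644
mode_of() { stat -c '%a' "$1"; }

# Succeeds if "other" users can read FILE through DIR: the directory needs
# o+x to be traversed and the file needs o+r. Parent directories are ignored.
other_can_read() {
    dir_other=$(( $(mode_of "$1") % 10 ))
    file_other=$(( $(mode_of "$2") % 10 ))
    [ $(( dir_other & 1 )) -ne 0 ] && [ $(( file_other & 4 )) -ne 0 ]
}

# Build the situation from the report: a 644 file protected only by its
# 700 parent, backed up with its mode preserved into a 755 directory.
demo_setup() {
    root=$(mktemp -d)
    mkdir -m 700 "$root/private"
    mkdir -m 755 "$root/modified-files"
    echo "secret" > "$root/private/app.conf"
    chmod 644 "$root/private/app.conf"
    cp -p "$root/private/app.conf" "$root/modified-files/app.conf"
    echo "$root"
}

# Fix discussed in the ticket: restrict the directory, keep the file modes
# so the backed-up permission information is not lost.
harden_backup_dir() { chmod 700 "$1"; }

report() {
    if other_can_read "$1" "$2"; then
        echo "$2: readable by other users"
    else
        echo "$2: not readable by other users"
    fi
}

root=$(demo_setup)
report "$root/private" "$root/private/app.conf"
report "$root/modified-files" "$root/modified-files/app.conf"
harden_backup_dir "$root/modified-files"
report "$root/modified-files" "$root/modified-files/app.conf"
echo "backup file mode is still $(mode_of "$root/modified-files/app.conf")"
rm -rf "$root"
```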

#2

Updated by Benoît PECCATTE almost 3 years ago

  • Assignee set to Benoît PECCATTE

#3

Updated by Benoît PECCATTE almost 3 years ago

  • Status changed from New to In progress

#4

Updated by Benoît PECCATTE almost 3 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1173

#5

Updated by Benoît PECCATTE almost 3 years ago

  • Status changed from Pending technical review to Pending release

#6

Updated by Vincent MEMBRÉ almost 3 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.22, 4.1.6 and 4.2.0~beta3 which were released today.

#7

Updated by Vincent MEMBRÉ 11 months ago

  • Private changed from Yes to No
  • Priority changed from 92 to 0
