Project

General

Profile

Actions

Bug #11110

closed

Check permissions on /var/rudder files, particularly modified-files

Added by Alexis Mousset over 7 years ago. Updated over 5 years ago.

Status:
Released
Priority:
N/A
Category:
System techniques
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Very Small
Priority:
0
Name check:
Fix check:
Regression:

Description

Modified files have the permission of the modified files, which can lead to be world-readable as the folder itself is 755.

For example, if I edit a 644 file in a 700 directory, it will be 644 in the modified-files, and accessible to everybody. There should be no need for modified-files to be world-readable, and we should enforce 700 for it.

Actions #1

Updated by Benoît PECCATTE over 7 years ago

We should change the permissions of the directory, but not the ones of the files, it contains a backup information that should not be lost

Actions #2

Updated by Benoît PECCATTE over 7 years ago

  • Assignee set to Benoît PECCATTE
Actions #3

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from New to In progress
Actions #4

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1173
Actions #5

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #6

Updated by Vincent MEMBRÉ over 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.22, 4.1.6 and 4.2.0~beta3 which were released today.

Actions #7

Updated by Vincent MEMBRÉ over 5 years ago

  • Private changed from Yes to No
  • Priority changed from 92 to 0
Actions

Also available in: Atom PDF