Bug #11110: Check permissions on /var/rudder files, particularly modified-files - Rudder - Issue Tracker

Actions

Copy link

Bug #11110

closed

Check permissions on /var/rudder files, particularly modified-files

Added by Alexis Mousset almost 7 years ago. Updated almost 5 years ago.

Status:

Released

Priority:

N/A

Assignee:

Vincent MEMBRÉ

Category:

System techniques

Target version:

3.1.22

Pull Request:

https://github.com/Normation/rudder-t...

Severity:

Critical - prevents main use of Rudder | no workaround | data loss | security

UX impact:

User visibility:

Operational - other Techniques | Technique editor | Rudder settings

Effort required:

Very Small

Priority:

Name check:

Fix check:

Regression:

Description

Modified files have the permission of the modified files, which can lead to be world-readable as the folder itself is 755.

For example, if I edit a 644 file in a 700 directory, it will be 644 in the modified-files, and accessible to everybody. There should be no need for modified-files to be world-readable, and we should enforce 700 for it.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #11110

Check permissions on /var/rudder files, particularly modified-files

Updated by Benoît PECCATTE almost 7 years ago

Updated by Benoît PECCATTE almost 7 years ago

Updated by Benoît PECCATTE almost 7 years ago

Updated by Benoît PECCATTE almost 7 years ago

Updated by Benoît PECCATTE almost 7 years ago

Updated by Vincent MEMBRÉ over 6 years ago

Updated by Vincent MEMBRÉ almost 5 years ago