Actions
Bug #11110
closed
Check permissions on /var/rudder files, particularly modified-files
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Very Small
Priority:
0
Name check:
Fix check:
Regression:
Description
Modified files have the permission of the modified files, which can lead to be world-readable as the folder itself is 755.
For example, if I edit a 644 file in a 700 directory, it will be 644 in the modified-files, and accessible to everybody. There should be no need for modified-files to be world-readable, and we should enforce 700 for it.
Updated by Benoît PECCATTE almost 7 years ago
We should change the permissions of the directory, but not the ones of the files, it contains a backup information that should not be lost
Updated by Benoît PECCATTE almost 7 years ago
- Status changed from New to In progress
Updated by Benoît PECCATTE almost 7 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1173
Updated by Benoît PECCATTE almost 7 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-techniques|59371025db9653b41d96b43e292fa88f14f1026f.
Updated by Vincent MEMBRÉ over 6 years ago
- Status changed from Pending release to Released
Updated by Vincent MEMBRÉ almost 5 years ago
- Private changed from Yes to No
- Priority changed from 92 to 0
Actions