[Bug 409777] Re: credentials zip file should pack files with permissions 600
chris grzegorczyk
grze at eucalyptus.com
Fri Jan 29 23:50:17 GMT 2010
Sadly, the change is not trivial since it would require implementing
support for permissions in java.util.zip.*
Shelling out is not an option since the contents of the zip never
actually exist as files.
On Fri, Jan 29, 2010 at 10:54 AM, Dustin Kirkland
<dustin.kirkland at gmail.com> wrote:
> Chris, can you bang this trivial change into 1.6.2?
>
> --
> credentials zip file should pack files with permissions 600
> https://bugs.launchpad.net/bugs/409777
> You received this bug notification because you are a bug assignee.
>
> Status in Eucalyptus: Confirmed
> Status in “eucalyptus” package in Ubuntu: Triaged
>
> Bug description:
> You can download credentials from the web site in a packed zipfile.
>
> When this file is unzipped, some relatively sensitive information is unpacked, including keys and credentials.
>
> When creating the zipfile, these files should be permissioned appropriately, such as 600.
>
> :-Dustin
>
>
>
--
Chris Grzegorczyk
Co-Founder and Engineer
Eucalyptus Systems, Inc.
130 Castilian St. | Goleta, CA | 93117
Office: 805-968-1400 x e^1 | Cell: 805-807-8237
Email: grze at eucalyptus.com
www.eucalyptus.com
________________________________________
--
credentials zip file should pack files with permissions 600
https://bugs.launchpad.net/bugs/409777
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to eucalyptus in ubuntu.
More information about the Ubuntu-server-bugs
mailing list