[Bug 1267385] [NEW] Default file mode now 0600 instead of 0644 (regression in CVE-2013-4969 fix)
Dominic Cleal
dominic at computerkb.co.uk
Thu Jan 9 09:14:38 UTC 2014
Public bug reported:
The fix for CVE-2013-4969 (tempfile vulnerability) contained a
regression affecting the default file mode if none is specified on a
file resource. This has been fixed in upstream 3.4.2 and 2.7.25.
Upstream bug: https://tickets.puppetlabs.com/browse/PUP-1255
Please apply the following patch from 2.7.x to fix the issue:
https://github.com/puppetlabs/puppet/commit/6a11abb8ac
This currently affects the Foreman installer as some resources in our
modules rely on this behaviour.
Reproduced on Ubuntu 12.04 with puppet 2.7.11-1ubuntu2.6:
# puppet apply -e 'file { "/tmp/a": content => "foo" }'
notice: /Stage[main]//File[/tmp/a]/ensure: defined content as '{md5}acbd18db4cc2f85cedef654fccc4a4d8'
notice: Finished catalog run in 0.08 seconds
# ls -l /tmp/a
-rw------- 1 root root 3 Jan 9 09:13 /tmp/a
||/ Name                 Version              Description
+++-====================-====================-========================================================
ii  puppet               2.7.11-1ubuntu2.6    Centralized configuration management - agent startup and
** Affects: puppet (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1267385
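The failure mode behind this kind of regression, as an added Ruby example that is not part of the original report and is not Puppet's code: a file written through `Tempfile` and renamed into place keeps Tempfile's private 0600 mode unless the writer restores the umask-derived default. `atomic_write`, `demo` and their parameters are hypothetical names, and that Puppet's regression arose in exactly this way is an assumption; the report states only the symptom.

```ruby
require 'tempfile'
require 'tmpdir'

# Hypothetical helper (not Puppet's API): write `content` to `path` through a
# temp file in the same directory, then rename it into place.
# Returns the permission bits of the resulting file.
def atomic_write(path, content, mode: nil, apply_default_mode: true)
  # Tempfile always creates its file with mode 0600, whatever the umask is.
  tmp = Tempfile.new(File.basename(path), File.dirname(path))
  begin
    tmp.write(content)
    tmp.close
    if mode
      # Caller asked for a specific mode: apply it before the file is visible.
      File.chmod(mode, tmp.path)
    elsif apply_default_mode
      # No mode given: use what a plain create would have produced.
      File.chmod(0666 & ~File.umask, tmp.path)
    end
    # With neither branch taken, the 0600 from Tempfile survives the rename.
    File.rename(tmp.path, path)
  ensure
    tmp.close! # removes the temp file if the rename never happened
  end
  File.stat(path).mode & 0777
end

# Runs the three cases under a fixed umask of 022 in a scratch directory.
def demo
  old_umask = File.umask(0022)
  Dir.mktmpdir do |dir|
    {
      regressed: atomic_write(File.join(dir, 'a'), 'foo', apply_default_mode: false),
      default:   atomic_write(File.join(dir, 'b'), 'foo'),
      explicit:  atomic_write(File.join(dir, 'c'), 'foo', mode: 0640)
    }
  end
ensure
  File.umask(old_umask)
end

demo.each { |name, bits| puts format('%-10s %04o', name, bits) } if __FILE__ == $PROGRAM_NAME
```

The `regressed` case reproduces the `-rw-------` listing above; resources that need other users to read the file should set `mode` explicitly rather than depend on the default.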