[Bug 1382632] Re: Insecure key file permissions
Scott Moser
smoser at ubuntu.com
Fri Oct 24 20:57:01 UTC 2014
This ends up being a regression of the curtin changes in bug 1313550.
curtin is extracting a tarball with '--xattrs --xattrs-include=* --acl'.
Its the '--acl' that is problematic.
Even though the tarball being extracted did not have acl stored in it
tar creates default acl on extraction.
The simplist fix is to for us to remove '--acl' from curtin's extraction parameters.
http://bazaar.launchpad.net/~curtin-dev/curtin/trunk/view/head:/curtin/commands/extract.py
This change can be made locally on the maas region controller in the
installed 'python-curtin' package.
** Attachment added: "show tar acl issue"
https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1382632/+attachment/4244036/+files/show-tar-acl-issue
** Also affects: curtin (Ubuntu)
Importance: Undecided
Status: New
** Also affects: curtin
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to horizon in Ubuntu.
https://bugs.launchpad.net/bugs/1382632
Title:
Insecure key file permissions
To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1382632/+subscriptions
More information about the Ubuntu-server-bugs
mailing list