[Bug 862844] Re: Glance config files and logs are world-readable
Launchpad Bug Tracker
862844 at bugs.launchpad.net
Sat Oct 1 07:47:01 UTC 2011
This bug was fixed in the package glance - 2011.3-0ubuntu4
---------------
glance (2011.3-0ubuntu4) oneiric; urgency=low
[ Adam Gandelman ]
* debian/glance.postinst: Restrict permissions of /etc/glance/ and
/var/log/glance/ (LP: #862844)
-- Chuck Short <zulcss at ubuntu.com> Fri, 30 Sep 2011 16:00:33 -0400
** Changed in: glance (Ubuntu Oneiric)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/862844
Title:
Glance config files and logs are world-readable
Status in “glance” package in Ubuntu:
Fix Released
Status in “glance” source package in Oneiric:
Fix Released
Bug description:
/etc/glance/glance-regsitry.conf may contain database credentials
(sql_connection). /etc/glance/glance-api.conf may contain credentials
for various storage backends (swift, s3). It appears both may also
contain keystone tokens. All of these files are installed world-
readable (0644)
When verbose logging is enabled (it is by default), these settings are
logged in corresponding log files in /var/log/glance on service
startup. These logfiles are also created readable by anyone.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glance/+bug/862844/+subscriptions
More information about the Ubuntu-sponsors
mailing list