[Openstack-security] [OSSG][OSSN] DRAFT: Keystone configuration should not be world readable

Clark, Robert Graham robert.clark at hp.com
Mon Apr 29 13:20:46 UTC 2013 

On 29/04/2013 14:16, "Thierry Carrez" <thierry at openstack.org> wrote:

>Clark, Robert Graham wrote:
>> Keystone configuration should not be world readable
>> [...]
>> ### Contacts / References ###
>> This OSSN : https://bugs.launchpad.net/ossn/+bug/1168252
>> Original LaunchPad Bug :
>>https://bugs.launchpad.net/devstack/+bug/1168252
>> OpenStack Security ML : openstack-security at lists.openstack.org
>> OpenStack Security Group : https://launchpad.net/~openstack-ossg
>
>Looks good, but should probably also reference the CVE:
>
>CVE-2013-1977  - OpenStack keystone.conf insecure file permissions
>
>Cheers,
>
>-- 
>Thierry

Updated the LP bug, thanks Thierry.

-Rob

More information about the Openstack-security mailing list