[Openstack-security] [Bug 1129748] Re: image files in _base should not be world-readable

Russell Bryant 1129748 at bugs.launchpad.net
Wed Jul 17 12:14:10 UTC 2013


** Changed in: nova
    Milestone: havana-2 => havana-3

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1129748

Title:
  image files in _base should not be world-readable

Status in OpenStack Compute (Nova):
  In Progress

Bug description:
  Already public in https://bugzilla.redhat.com/show_bug.cgi?id=896085 ,
  so probably no point making this private.  But I checked the security
  vulnerability box anyway so someone else can decide.

  We create image files in /var/lib/nova/instances/_base with default
  permissions, usually 644.  It would be better to not make the image
  files world-readable, in case they contain private data.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1129748/+subscriptions




More information about the Openstack-security mailing list