[Openstack-security] [Bug 1129748] Re: image files in _base should not be world-readable
Sean Dague
sean at dague.net
Fri Sep 12 14:55:01 UTC 2014
Honestly, if you have shell users on your compute... things are all
kinds of bad.
** Changed in: nova
Status: New => Opinion
** Changed in: nova
Importance: Medium => Low
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1129748
Title:
image files in _base should not be world-readable
Status in OpenStack Compute (Nova):
Opinion
Bug description:
Already public in https://bugzilla.redhat.com/show_bug.cgi?id=896085 ,
so probably no point making this private. But I checked the security
vulnerability box anyway so someone else can decide.
We create image files in /var/lib/nova/instances/_base with default
permissions, usually 644. It would be better to not make the image
files world-readable, in case they contain private data.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1129748/+subscriptions
More information about the Openstack-security
mailing list