[Openstack-security] [Bug 1367238] Re: IBM NAS cinder driver sets 'rw' permissions to all during volume create operation, which is security issue
Thierry Carrez
thierry.carrez+lp at gmail.com
Thu Oct 16 09:18:40 UTC 2014
** Changed in: cinder
Milestone: juno-rc1 => 2014.2
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1367238
Title:
IBM NAS cinder driver sets 'rw' permissions to all during volume
create operation, which is security issue
Status in Cinder:
Fix Released
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
IBM NAS cinder driver sets 'rw' permissions to all during volume create operation from a volume snapshot or from an existing volume (volume clone operation).
This is not required as 'rw' permissions to the user only should be sufficient.
This also helps resolve the security issue setting 'rw' permissions to all.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1367238/+subscriptions
More information about the Openstack-security
mailing list