rpms / pki-core

Clone
Source Code
GIT

Blame SOURCES/0001-Fix-permission-for-existing-installation-logs.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-10.6 c8-stream-10.6 c8s-stream-10.6 c9 c9-beta
  1.   35e59bd125498f2c6b5dad7c331b74c33b93448a
  2.   SOURCES
  3.   0001-Fix-permission-for-existing-installation-logs.patch
Blob History Raw
35e59b 
From 82eaf721ea35d7e6ad5bcdb4c1a5f5862aeed59c Mon Sep 17 00:00:00 2001
35e59b 
From: "Endi S. Dewata" <edewata@redhat.com>
35e59b 
Date: Mon, 17 May 2021 17:39:50 -0500
35e59b 
Subject: [PATCH] Fix permission for existing installation logs
35e59b
35e59b 
The spec file has been updated to remove world access
35e59b 
from existing installation logs in /var/log/pki.
35e59b
35e59b 
Resolves: CVE-2021-3551
35e59b 
---
35e59b 
 pki.spec | 4 ++++
35e59b 
 1 file changed, 4 insertions(+)
35e59b
35e59b 
diff --git a/pki.spec b/pki.spec
35e59b 
index a9ea345d8f..64bfd4fe7d 100644
35e59b 
--- a/pki.spec
35e59b 
+++ b/pki.spec
35e59b 
@@ -991,6 +991,10 @@ fi
35e59b 
 ##        from EITHER 'sysVinit' OR previous 'systemd' processes to the new
35e59b 
 ##        PKI deployment process
35e59b
35e59b 
+# CVE-2021-3551
35e59b 
+# Remove world access from existing installation logs
35e59b 
+find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \;
35e59b 
+
35e59b 
 # Reload systemd daemons on upgrade only
35e59b 
 if [ "$1" == "2" ]
35e59b 
 then
35e59b 
--
35e59b 
2.30.2
35e59b

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation