From 82eaf721ea35d7e6ad5bcdb4c1a5f5862aeed59c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 17 May 2021 17:39:50 -0500
Subject: [PATCH] Fix permission for existing installation logs
The spec file has been updated to remove world access
from existing installation logs in /var/log/pki.
Resolves: CVE-2021-3551
---
pki.spec | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/pki.spec b/pki.spec
index a9ea345d8f..64bfd4fe7d 100644
--- a/pki.spec
+++ b/pki.spec
@@ -991,6 +991,10 @@ fi
## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
## PKI deployment process
+# CVE-2021-3551
+# Remove world access from existing installation logs
+find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \;
+
# Reload systemd daemons on upgrade only
if [ "$1" == "2" ]
then
--
2.30.2