From 82eaf721ea35d7e6ad5bcdb4c1a5f5862aeed59c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 17 May 2021 17:39:50 -0500
Subject: [PATCH] Fix permission for existing installation logs

The spec file has been updated to remove world access
from existing installation logs in /var/log/pki.

Resolves: CVE-2021-3551
---
 pki.spec | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pki.spec b/pki.spec
index a9ea345d8f..64bfd4fe7d 100644
--- a/pki.spec
+++ b/pki.spec
@@ -991,6 +991,10 @@ fi
 ##        from EITHER 'sysVinit' OR previous 'systemd' processes to the new
 ##        PKI deployment process
 
+# CVE-2021-3551
+# Remove world access from existing installation logs
+find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \;
+
 # Reload systemd daemons on upgrade only
 if [ "$1" == "2" ]
 then
-- 
2.30.2