From e296e1379166fef18f80f0d4d0434111ae463441 Mon Sep 17 00:00:00 2001
From: Amy Fong
Date: Wed, 7 May 2014 14:16:11 -0400
Subject: keystone: CVE-2012-5483
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.
Modify /etc/keystone to have permission 750
Signed-off-by: Amy Fong
Signed-off-by: Bruce Ashfield
---
 meta-openstack/recipes-devtools/python/python-keystone_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'meta-openstack/recipes-devtools/python/python-keystone_git.bb')
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
index da6cfb4..c0522f8 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -28,7 +28,7 @@ do_install_append() {
 KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
- install -d ${KEYSTONE_CONF_DIR}
+ install -m 750 -d ${KEYSTONE_CONF_DIR}
 install -d ${D}${localstatedir}/log/${SRCNAME}
-- cgit v1.2.3-54-g00ecf
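Review bot: The added `install -m 750 -d ${KEYSTONE_CONF_DIR}` tightens only the directory, so the credentials in `ec2rc` are protected solely by the parent's mode while the file keeps the world-readable mode the commit message says `tools/sample_data.sh` gives it. That protection holds only if nothing later in packaging recreates or chmods the directory, and only if its owner and group match the account the keystone service runs as. Neither is visible here, because `do_install_append` continues outside the hunk. I would set the ownership explicitly on this line or right after it, and record the reason next to it, e.g. `# CVE-2012-5483: ec2rc holds EC2 access/secret values; keep this directory closed to other users`. The file itself should also get a restrictive mode (600 or 640) wherever it is created, so the fix does not depend on the directory alone.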