Actions
Bug #9785
closed/etc/ceph/dmcrypt-keys and key contents are created world-readable
% Done:
100%
Source:
other
Tags:
Backport:
giant,firefly
Regression:
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
get_or_create_dmcrypt_key in ceph-disk creates the key_dir and key_files, but does not set any specific permissions on them. In a default Ubuntu 12.04 LTS install this left the directory as 755 and the key files as 644.
Firefly (0.80.7-1precise) and Giant RC (0.86-1precise) both showed this behaviour.
By comparison get_key and bootstrap_key in ceph-create-keys call:
os.fchmod(f.fileno(), 0600)
Updated by Loïc Dachary over 9 years ago
- Status changed from 12 to Fix Under Review
- % Done changed from 0 to 80
Updated by Sage Weil over 9 years ago
- Status changed from Fix Under Review to Pending Backport
- Backport set to giant,firefly
Updated by Loïc Dachary over 9 years ago
- Status changed from Pending Backport to Fix Under Review
- giant backport https://github.com/ceph/ceph/pull/3095
- firefly backport https://github.com/ceph/ceph/pull/3096
Updated by Loïc Dachary over 9 years ago
- Status changed from Fix Under Review to Resolved
- % Done changed from 80 to 100
Actions