Bug #9785

closed

/etc/ceph/dmcrypt-keys and key contents are created world-readable

Added by David Clarke over 9 years ago. Updated over 9 years ago.

Status: Resolved
Priority: Urgent
Assignee:
Category: -
Target version: -
% Done: 100%
Source: other
Tags:
Backport: giant,firefly
Regression:
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

get_or_create_dmcrypt_key in ceph-disk creates the key_dir and key_files, but does not set any specific permissions on them. In a default Ubuntu 12.04 LTS install this left the directory as 755 and the key files as 644.

Firefly (0.80.7-1precise) and Giant RC (0.86-1precise) both showed this behaviour.

By comparison get_key and bootstrap_key in ceph-create-keys call:

os.fchmod(f.fileno(), 0600)
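
Added example (not part of the original report, and not the ceph-disk code or its eventual fix): the umask-dependent creation pattern described above next to a form that pins the directory to 0700 and the key file to 0600, plus a small permission audit. The function names, the key name "example-osd-uuid" and the key bytes are assumptions made for illustration.

```python
import os
import stat
import tempfile

def write_key_umask_default(key_dir, name, key):
    """Reported pattern: no explicit mode, so the umask decides (755/644 under 022)."""
    if not os.path.exists(key_dir):
        os.makedirs(key_dir)
    path = os.path.join(key_dir, name)
    with open(path, "wb") as f:
        f.write(key)
    return path

def write_key_restricted(key_dir, name, key):
    """Hardened form: directory 0700, key file 0600, regardless of umask."""
    os.makedirs(key_dir, mode=0o700, exist_ok=True)
    os.chmod(key_dir, 0o700)  # also tightens a directory that already existed
    path = os.path.join(key_dir, name)
    # Create with 0600 from the start so the key is never briefly world-readable;
    # O_EXCL refuses to write into a file that already exists at that path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), 0o600)  # same call the report cites from ceph-create-keys
        f.write(key)
    return path

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def audit(key_dir):
    """List (path, mode) for the directory and its files that grant group/other access."""
    paths = [key_dir] + [os.path.join(key_dir, n) for n in sorted(os.listdir(key_dir))]
    return [(p, oct(mode_of(p))) for p in paths if mode_of(p) & 0o077]

def demo():
    """Run both writers under umask 022 in a temp dir (constructed key, hypothetical name)."""
    key = b"\x00" * 32  # constructed placeholder, not a real key
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            bad_dir, good_dir = os.path.join(tmp, "bad"), os.path.join(tmp, "good")
            bad = write_key_umask_default(bad_dir, "example-osd-uuid", key)
            good = write_key_restricted(good_dir, "example-osd-uuid", key)
            return {"bad": (mode_of(bad_dir), mode_of(bad)),
                    "good": (mode_of(good_dir), mode_of(good)),
                    "bad_findings": len(audit(bad_dir)),
                    "good_findings": len(audit(good_dir))}
    finally:
        os.umask(old_umask)

if __name__ == "__main__":
    print(demo())
```

Pointing audit() at an existing key directory on a host lists the paths whose mode still grants group or other access.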
