Issue #15471 has been updated by Andrew Parker.

Status changed from Unreviewed to Accepted
Assignee set to Andrew Parker
Target version set to 2.7.19
Affected Puppet version set to 2.7.18

This was just brought up on the #puppet channel. I think backporting the fixed 
`save_last_run_summary` in `lib/puppet/configurer.rb`. It also seems like the 
reasonable default for this file is for it to be readable. 


----------------------------------------
Bug #15471: last_run_summary.yaml is only readable by root
https://projects.puppetlabs.com/issues/15471#change-68195

Author: R.I. Pienaar
Status: Accepted
Priority: Normal
Assignee: Andrew Parker
Category: 
Target version: 2.7.19
Affected Puppet version: 2.7.18
Keywords: 
Branch: 


The work for CVE-2012-3866 also changed the permissions for this file which 
does not contain sensitive information imo and should not be restricted to root 
only.  This relates to #7106 that moved this to world readable and contained a 
justification why etc.

https://github.com/puppetlabs/puppet/commit/fd44bf5

