Issue #15471 has been updated by Josh Cooper. Keywords set to last_run_summary monitoring
Merged into 2.7rc in <https://github.com/puppetlabs/puppet/commit/0f13cf5> <pre> The security fix for locking down the last_run_report, which contains sensitive information, also locked down the last_run_summary, which does not contain sensitive information. Unfortunately this file is often used by monitoring systems so that they can track puppet runs. Since the agent runs as root and the monitoring systems do not, this caused the summary to become unreadable by the monitoring systems. This commit returns the summary to being world readable which undoes part of the change done in fd44bf5e6d0d360f6a493d663b653c121fa83c3f </pre> ---------------------------------------- Bug #15471: last_run_summary.yaml is only readable by root https://projects.puppetlabs.com/issues/15471#change-68514 Author: R.I. Pienaar Status: In Topic Branch Pending Review Priority: Normal Assignee: Andrew Parker Category: Target version: 2.7.19 Affected Puppet version: 2.7.18 Keywords: last_run_summary monitoring Branch: https://github.com/puppetlabs/puppet/pull/1002 The work for CVE-2012-3866 also changed the permissions for this file which does not contain sensitive information imo and should not be restricted to root only. This relates to #7106 that moved this to world readable and contained a justification why etc. https://github.com/puppetlabs/puppet/commit/fd44bf5 -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
