Re: [Spacewalk-devel] Rationale for "rhncfg-actions should not log the diff of files that are not readable by all"

[Cliff Perry]

On 11/08/2012 09:34 PM, Parsons, Aron wrote:
So many of the files that I deploy in my environments are not world-readable, 
as were lots of other environments I worked with in the past.  I see this 
change as a reduction in functionality, as now instead of viewing the diffs in 
Spacewalk, I need to log into each system before determining the course of 
action.  More importantly, when manually running 'rhncfg-client diff', I fully 
expect to see a diff, not an error message telling me to redeploy.
Thoughts on reverting 7a18b250b07ff4ed0c34fa48e69029c114ec3ab1 since the 
security issue is addressed by protecting the log file?


Under consideration.

But, please be mindful of another bug in that code which we did fix, for 
diff files (logic error):

http://git.fedorahosted.org/cgit/spacewalk.git/commit/client/tools/rhncfg?id=07efbaa821dbdd131dd0d3a1498afbd763ee37d7

Cliff

/aron

-----Original Message-----
From: Stephen Herr [mailto:sh...@redhat.com]
Sent: Thursday, November 08, 2012 1:03 PM
To: spacewalk-devel@redhat.com
Cc: Parsons, Aron
Subject: Re: [Spacewalk-devel] Rationale for "rhncfg-actions should not log the diff 
of files that are not readable by all"

On 11/08/2012 10:34 AM, Parsons, Aron wrote:
Can anyone explain the rationale behind commit 
7a18b250b07ff4ed0c34fa48e69029c114ec3ab1?  I do not have access to the BZ that 
it references.

I don't see the security implications of generating a diff for a
non-world-readable file.  Unauthorized users can't read the file on
the system

This did not used to be true. We were generating diffs of every file and 
placing them in a readable-by-anyone log file. In bug 824707 we fix this 
problem by

1) Not diffing files that are not readable by all in
7a18b250b07ff4ed0c34fa48e69029c114ec3ab1

and then we also

2) Made the log file only readable by root in
0cb9f801bfc073cd68111868014219407b73f9f9

Both are probably not necessary, but the feeling at the time was "better safe than 
sorry."

-Stephen

   and you need to have access to the system in Spacewalk to view the output.  
Is there another scenario that makes returning the diff insecure?

/aron

_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel


_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel

_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel