Public bug reported:

The sources.list.d entry for esm is created with the default umask,
which means that all local users on the system have access to the token.
Being able to read globally-readable files on the filesystem does not
necessarily mean you are an ESM subscriber who should have access to
this token and be able to access the ESM archive.

We should probably create this file mode 0600.  (Though it is too late
to fix this for precise.)

** Affects: ubuntu-advantage-tools (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1700611

Title:
  sources.list file created for ESM is world-readable, leaks subscriber
  token to all local users
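
The failure mode reported above and the suggested mode 0600, shown as an added shell example that is not code from ubuntu-advantage-tools. The function names are hypothetical, and the destination path and entry line are supplied by the caller.

```shell
#!/bin/sh
# Added example: write a credential-bearing apt source entry so that it is
# never readable by group/other, whatever umask the caller runs with.
# Function names are hypothetical; nothing here is the project's own code.

# write_private_list DEST LINE
# The token travels only through shell builtins (function argument, printf),
# so it does not appear in another process's argument list.
write_private_list() {
    dest=$1
    line=$2
    (
        umask 077                                   # scoped to this subshell
        tmp=$(mktemp "${dest}.XXXXXX") || exit 1    # created 0600 from the start
        printf '%s\n' "$line" > "$tmp" || { rm -f "$tmp"; exit 1; }
        chmod 0600 "$tmp" || { rm -f "$tmp"; exit 1; }
        # rename() within one directory is atomic and replaces any older,
        # world-readable copy together with its permissive mode.
        mv -f "$tmp" "$dest" || { rm -f "$tmp"; exit 1; }
    )
}

# is_private FILE
# Returns 0 when no group/other permission bits are set, 1 when some are,
# 2 when the file cannot be examined. Uses GNU stat, as shipped on Ubuntu.
is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}
```

`is_private` can also be run over existing entries in a sources directory to find files that were already written with a permissive mode.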
