Browse code
Set keystone.conf to mode 0600
Set keystone.conf readable only by owner
Fixes CVE-2013-1977
Fixed bug: 1168252
Change-Id: Idd13b7a58e257565052c54f72c65d8dceb23f27a
Dean Troyer authored on 2013/10/23 07:46:00Showing 1 changed files
| 1 | 1 |
old mode 100755 |
| 2 | 2 |
new mode 100644 |
| ... | ... |
@@ -126,6 +126,7 @@ function configure_keystone() {
|
| 126 | 126 |
|
| 127 | 127 |
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then |
| 128 | 128 |
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF |
| 129 |
+ chmod 600 $KEYSTONE_CONF |
|
| 129 | 130 |
cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR |
| 130 | 131 |
if [[ -f "$KEYSTONE_DIR/etc/keystone-paste.ini" ]]; then |
| 131 | 132 |
cp -p "$KEYSTONE_DIR/etc/keystone-paste.ini" "$KEYSTONE_PASTE_INI" |