Set keystone.conf to mode 0600 Set keystone.conf readable only by owner Fixes CVE-2013-1977 Fixed bug: 1168252 Change-Id: Idd13b7a58e257565052c54f72c65d8dceb23f27a

commit: d561b70930f7184ade05953faa11a47dc250a16c [log] [tgz]
author: Dean Troyer <dtroyer@gmail.com> Tue Oct 22 17:46:00 2013 -0500
committer: Sean Dague <sdague@linux.vnet.ibm.com> Fri Nov 01 13:49:39 2013 -0400
tree: 8871b77a1684bc0f4b441769526cff36510dcf8c
parent: 7751354b44bc3ce286142d588d18ec919a5e4eff [diff] [blame]
diff --git a/lib/keystone b/lib/keystone
old mode 100755
new mode 100644
index 7011f66..4353eba
--- a/lib/keystone
+++ b/lib/keystone

@@ -126,6 +126,7 @@
 
     if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
         cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
+        chmod 600 $KEYSTONE_CONF
         cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR
         if [[ -f "$KEYSTONE_DIR/etc/keystone-paste.ini" ]]; then
             cp -p "$KEYSTONE_DIR/etc/keystone-paste.ini" "$KEYSTONE_PASTE_INI"
commit	d561b70930f7184ade05953faa11a47dc250a16c	[log] [tgz]
author	Dean Troyer <dtroyer@gmail.com>	Tue Oct 22 17:46:00 2013 -0500
committer	Sean Dague <sdague@linux.vnet.ibm.com>	Fri Nov 01 13:49:39 2013 -0400
tree	8871b77a1684bc0f4b441769526cff36510dcf8c
parent	7751354b44bc3ce286142d588d18ec919a5e4eff [diff] [blame]