cloud-init/backport-Create-the-log-file-with-640-permissions-858.patch
2023-05-24 16:32:50 +08:00


From 29ac50f2b9e7634fc59fc161d77d27e970ae8080 Mon Sep 17 00:00:00 2001
From: Robert Schweikert <rjschwei@suse.com>
Date: Wed, 2 Jun 2021 17:10:32 -0400
Subject: [PATCH] - Create the log file with 640 permissions (#858)
Security scanners are often simple-minded and complain about arbitrary
settings such as file permissions. For /var/log/*, being world-readable is
one of these cases.
---
cloudinit/stages.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/cloudinit/stages.py b/cloudinit/stages.py
index bbded1e9..3688be2e 100644
--- a/cloudinit/stages.py
+++ b/cloudinit/stages.py
@@ -156,7 +156,7 @@ class Init(object):
util.ensure_dirs(self._initial_subdirs())
log_file = util.get_cfg_option_str(self.cfg, 'def_log_file')
if log_file:
- util.ensure_file(log_file, preserve_mode=True)
+ util.ensure_file(log_file, mode=0o640, preserve_mode=True)
perms = self.cfg.get('syslog_fix_perms')
if not perms:
perms = {}
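Review bot: The `mode=0o640` added to the `util.ensure_file` call probably only takes effect when the log file is first created, because `preserve_mode=True` is still passed. If that flag keeps the mode of an existing file, as its name suggests, hosts upgraded from an earlier build keep their world-readable log, so the hardening is partial. I would say so above the call, e.g. `# mode applies only on creation; preserve_mode keeps an existing file's bits, so upgrades need a one-time chmod`, and handle existing installs in packaging or a migration step rather than overriding an admin-chosen mode here. With 0o640, the readers are whoever owns the file's group, which appears to be set by the `syslog_fix_perms` handling that follows. That handling, and the rest of the enclosing method, continue outside the hunk, so the resulting owner and group should be confirmed there.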
--
2.27.0