Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-31921

[4.15] /etc/shadow has higher permissions than recommended

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • 4.15.z
    • 4.14.0, 4.14.z, 4.15.0, 4.15.z, 4.16
    • RHCOS
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • 1
    • Low
    • No
    • None
    • None
    • 252 - Core Packages
    • 1
    • Done
    • CVE - Common Vulnerabilities and Exposures
    • Hide
      Previously, the default permissions for the /etc/shadow file in the default Red Hat CoreOS builds were set at a higher level than recommended, causing a security vulnerability.

      With this update, the rpm-ostree component of Red Hat CoreOS generates new builds with the correct file permissions and corrects the file permissions of the current deployment where necessary.
      Show
      Previously, the default permissions for the /etc/shadow file in the default Red Hat CoreOS builds were set at a higher level than recommended, causing a security vulnerability. With this update, the rpm-ostree component of Red Hat CoreOS generates new builds with the correct file permissions and corrects the file permissions of the current deployment where necessary.
    • None
    • None
    • None
    • None

      Description of problem

      In QualysQuard 12.16.61-1, Vulnerability Signatures 2.5.993-2 it is noticed that file permission of /etc/shadow is higher than recommended.  Default permission of /etc/shadow is 000 where in openshift 4.14.z it's identified as 644.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      1. ls -l /etc/shadow
      2. rw-rr-. 1 root root 818 Mar 4 10:39 /etc/shadow

      Actual results:

      Expected results:

      Additional info:

              rhn-support-jmarrero Joseph Marrero Corchado
              rhn-support-hsahoo Himanshu Sekhar Sahoo
              None
              None
              Aashish Radhakrishnan Aashish Radhakrishnan
              Shane Lovern Shane Lovern
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: