Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-31922

[4.14] /etc/shadow has higher permissions than recommended

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • 4.14.z
    • 4.14.0, 4.14.z, 4.15.0, 4.15.z, 4.16
    • RHCOS
    • Low
    • No
    • 1
    • 252 - Core Packages
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, the default permissions for the /etc/shadow file in the default Red Hat CoreOS builds were set at a higher level than recommended, causing a security vulnerability.

      With this update, the rpm-ostree component of Red Hat CoreOS generates new builds with the correct file permissions and corrects the file permissions of the current deployment where necessary.
      Show
      Previously, the default permissions for the /etc/shadow file in the default Red Hat CoreOS builds were set at a higher level than recommended, causing a security vulnerability. With this update, the rpm-ostree component of Red Hat CoreOS generates new builds with the correct file permissions and corrects the file permissions of the current deployment where necessary.
    • CVE - Common Vulnerabilities and Exposures
    • Done

      Description of problem

      In QualysQuard 12.16.61-1, Vulnerability Signatures 2.5.993-2 it is noticed that file permission of /etc/shadow is higher than recommended.  Default permission of /etc/shadow is 000 where in openshift 4.14.z it's identified as 644.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      1. ls -l /etc/shadow
      2. rw-rr-. 1 root root 818 Mar 4 10:39 /etc/shadow

      Actual results:

      Expected results:

      Additional info:

            rhn-support-jmarrero Joseph Marrero Corchado
            rhn-support-hsahoo Himanshu Sekhar Sahoo
            Aashish Radhakrishnan Aashish Radhakrishnan
            Shane Lovern Shane Lovern
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: