Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-42216

Satellite manifest consumer profile cert and key found in satellite client rhsm cache

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • 6.19.0
    • 6.16.z, 6.17.z, 6.18.z
    • Candlepin
    • 1
    • False
    •  candlepin-4.7.4-1, candlepin-4.6.5-1, candlepin-4.4.24-1
    • Proton Sprint 10
    • sat-proton
    • None
    • None
    • None
    • None

      Description of problem:

      clients registered to Satellite 6.18 obtain a copy of the Satellites manifest consumer profile cert and key after running subscription-manager identity 

      How reproducible:

      every time 

      Is this issue a regression from an earlier version:

      no 

      Steps to Reproduce:

      1. register RHEL system to Satellite 6.18

      2. run # subscription-manager identity on RHEL system 

      3. cat /var/lib/rhsm/cache/current_owner.json

      Actual behavior:
      The manifest profile consumer identity (cert and key) can be seen from each registering client 

      Expected behavior:
      As it is unknown why a registering client has this information, it is not expected for all registering clients to have this information

      Business Impact / Additional info:

      With the permissions for this file being world readable, any user on a Satellite registered client could manipulate the Satellites' subscription allocation.

              Unassigned Unassigned
              rhn-support-ddacunha Daniela Da Cunha
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: