[one-users] [SECURITY FIX] X509 proxy permissions

Javier Fontan jfontan at opennebula.org
Thu Oct 27 03:47:45 PDT 2011

Previous message: [one-users] Hi, I have some questions about Open vSwitch management in Opennebula 3(feature 476).
Next message: [one-users] Looking at moving to OpenNebula with a few questions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

There is a security problem related with x509 proxy generation. The
proxies generated have permissions that let any other user to read,
that is, be logged as any other user with valid x509 proxy. To fix
this issue you can download this file:

http://dev.opennebula.org/attachments/download/491/x509_permissions-3.0.patch

and follow these steps:

1.- Go to /usr/lib/one/ruby or $ONE_LOCATION/lib/ruby
2.- Apply patch (files to be patched ssh_auth.rb and x509_auth.rb):
  $ patch < x509_permissions-3.0.patch
3.- After that (no need to restart nothing) please make your users to
remove their login files and renew them

Cheers

-- 
Javier Fontán Muiños
Project Engineer
OpenNebula Toolkit | opennebula.org

Previous message: [one-users] Hi, I have some questions about Open vSwitch management in Opennebula 3(feature 476).
Next message: [one-users] Looking at moving to OpenNebula with a few questions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list