[one-users] [SECURITY FIX] X509 proxy permissions
Javier Fontan
jfontan at opennebula.org
Thu Oct 27 03:47:45 PDT 2011
Hello,
There is a security problem related with x509 proxy generation. The
proxies generated have permissions that let any other user to read,
that is, be logged as any other user with valid x509 proxy. To fix
this issue you can download this file:
http://dev.opennebula.org/attachments/download/491/x509_permissions-3.0.patch
and follow these steps:
1.- Go to /usr/lib/one/ruby or $ONE_LOCATION/lib/ruby
2.- Apply patch (files to be patched ssh_auth.rb and x509_auth.rb):
$ patch < x509_permissions-3.0.patch
3.- After that (no need to restart nothing) please make your users to
remove their login files and renew them
Cheers
--
Javier Fontán Muiños
Project Engineer
OpenNebula Toolkit | opennebula.org
More information about the Users
mailing list