[one-users] [SECURITY FIX] X509 proxy permissions

Javier Fontan jfontan at opennebula.org
Thu Oct 27 03:47:45 PDT 2011


There is a security problem related with x509 proxy generation. The
proxies generated have permissions that let any other user to read,
that is, be logged as any other user with valid x509 proxy. To fix
this issue you can download this file:


and follow these steps:

1.- Go to /usr/lib/one/ruby or $ONE_LOCATION/lib/ruby
2.- Apply patch (files to be patched ssh_auth.rb and x509_auth.rb):
  $ patch < x509_permissions-3.0.patch
3.- After that (no need to restart nothing) please make your users to
remove their login files and renew them


Javier Fontán Muiños
Project Engineer
OpenNebula Toolkit | opennebula.org

More information about the Users mailing list