From d561b70930f7184ade05953faa11a47dc250a16c Mon Sep 17 00:00:00 2001
From: Dean Troyer <dtroyer@gmail.com>
Date: Tue, 22 Oct 2013 17:46:00 -0500
Subject: [PATCH] Set keystone.conf to mode 0600

Set keystone.conf readable only by owner
Fixes CVE-2013-1977

Fixed bug: 1168252

Change-Id: Idd13b7a58e257565052c54f72c65d8dceb23f27a
---
 lib/keystone | 1 +
 1 file changed, 1 insertion(+)
 mode change 100755 => 100644 lib/keystone

diff --git a/lib/keystone b/lib/keystone
old mode 100755
new mode 100644
index 7011f66e99..4353ebab1c
--- a/lib/keystone
+++ b/lib/keystone
@@ -126,6 +126,7 @@ function configure_keystone() {
 
     if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
         cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
+        chmod 600 $KEYSTONE_CONF
         cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR
         if [[ -f "$KEYSTONE_DIR/etc/keystone-paste.ini" ]]; then
             cp -p "$KEYSTONE_DIR/etc/keystone-paste.ini" "$KEYSTONE_PASTE_INI"