Set keystone.conf to mode 0600

Set keystone.conf readable only by owner
Fixes CVE-2013-1977

Fixed bug: 1168252

Change-Id: Idd13b7a58e257565052c54f72c65d8dceb23f27a
This commit is contained in:
Dean Troyer 2013-10-22 17:46:00 -05:00 committed by Sean Dague
parent 7751354b44
commit d561b70930

1
lib/keystone Executable file → Normal file
View File

@ -126,6 +126,7 @@ function configure_keystone() {
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
chmod 600 $KEYSTONE_CONF
cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR
if [[ -f "$KEYSTONE_DIR/etc/keystone-paste.ini" ]]; then if [[ -f "$KEYSTONE_DIR/etc/keystone-paste.ini" ]]; then
cp -p "$KEYSTONE_DIR/etc/keystone-paste.ini" "$KEYSTONE_PASTE_INI" cp -p "$KEYSTONE_DIR/etc/keystone-paste.ini" "$KEYSTONE_PASTE_INI"