Univention Bugzilla – Bug 30819
UCC auto-join information in the image are world-readable
Last modified: 2013-07-25 12:59:47 CEST
-> ucc-image-set-join-information -i ucc-1.0-thinclient-image.img -> mount -o loop ucc-1.0-thincli... -> ls -la /mnt/etc/ucc_join_* -rw-r--r-- 1 root root 9 19. Mär 09:58 /mnt/etc/ucc_join_domain -rw-r--r-- 1 root root 11 19. Mär 09:58 /mnt/etc/ucc_join_password -rw-r--r-- 1 root root 14 19. Mär 09:58 /mnt/etc/ucc_join_user Until the system is joined or on live systems, the auto-join information are readable for everybody. "ucc-image-set-join-information" should chmod these files to 440.
The permissions are now more restrictive in ucc-image-toolkit 1.0.7-1
OK ucc-errata -> ucc-image-set-join-information -i ucc-1.0-thinclient-image.img ... -> mount -o loop ucc-1.0-thinclient-image.img /mnt/ -> ls -la /mnt/etc/ucc_join_* -r--r----- 1 root root 8 5. Apr 09:07 /mnt/etc/ucc_join_domain -r--r----- 1 root root 11 5. Apr 09:07 /mnt/etc/ucc_join_password -r--r----- 1 root root 14 5. Apr 09:07 /mnt/etc/ucc_join_user automatic join still works OK YAML
Released in the App center in "ucc_20130429"