align permissions of /etc/machine-id to upstream code (bsc#1092269)

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1028
Thomas Blume 2018-05-08 11:42:09 +00:00 committed by Git OBS Bridge
parent 91770612d3
commit fdbc71d92c
4 changed files with 18 additions and 2 deletions


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue May 8 10:33:10 UTC 2018 - Thomas.Blume@suse.com
- align permissions of /etc/machine-id to upstream code (bsc#1092269)
world writeable machine-id is a security issue
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 23 07:45:32 UTC 2018 - fbui@suse.com Mon Apr 23 07:45:32 UTC 2018 - fbui@suse.com


@ -687,9 +687,11 @@ fi
# machine ID in all images. # machine ID in all images.
if [ $1 -eq 1 ]; then if [ $1 -eq 1 ]; then
touch %{_sysconfdir}/machine-id touch %{_sysconfdir}/machine-id
chmod 666 %{_sysconfdir}/machine-id
fi fi
# check if /etc/machine-id is writeable and change it to readonly
[[ -w %{_sysconfdir}/machine-id ]] && chmod 444 %{_sysconfdir}/machine-id
%if ! 0%{?bootstrap} %if ! 0%{?bootstrap}
pam-config --add --systemd || : pam-config --add --systemd || :
%endif %endif
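Review bot: The `[[ -w %{_sysconfdir}/machine-id ]]` guard does not look at the mode bits. Package scriptlets normally run as root, for whom `-w` succeeds on any existing file on a writable filesystem, so the comment "check if /etc/machine-id is writeable" overstates what is tested. I would reword it to something like `# -w as root only skips a missing file or a read-only /etc; otherwise the mode is always reset to 444`. The chmod also only restores permissions: on systems upgraded from the 666 state the existing ID content is kept as is, which may deserve a line in the changelog entry. The same hunk appears in the second spec file on this page (`@ -685,9 +685,11 @`), and the scriptlet starts and ends outside the hunk.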


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue May 8 10:33:10 UTC 2018 - Thomas.Blume@suse.com
- align permissions of /etc/machine-id to upstream code (bsc#1092269)
world writeable machine-id is a security issue
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 23 07:45:32 UTC 2018 - fbui@suse.com Mon Apr 23 07:45:32 UTC 2018 - fbui@suse.com


@ -685,9 +685,11 @@ fi
# machine ID in all images. # machine ID in all images.
if [ $1 -eq 1 ]; then if [ $1 -eq 1 ]; then
touch %{_sysconfdir}/machine-id touch %{_sysconfdir}/machine-id
chmod 666 %{_sysconfdir}/machine-id
fi fi
# check if /etc/machine-id is writeable and change it to readonly
[[ -w %{_sysconfdir}/machine-id ]] && chmod 444 %{_sysconfdir}/machine-id
%if ! 0%{?bootstrap} %if ! 0%{?bootstrap}
pam-config --add --systemd || : pam-config --add --systemd || :
%endif %endif