Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0013405 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | minor | have not tried | 2010-05-21 04:29 | 2010-08-19 00:00 | |||
| Reporter | gboyce | View Status | public | |||||
| Assigned To | jpabloae | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | 2.50MP21 | |||
| Status | closed | Fix in branch | pi | Fixed in SCM revision | a | |||
| Projection | none | ETA | none | Target Version | ||||
| OS | Linux 32 bit | Database | PostgreSQL | Java version | 1.6.0_18 | |||
| OS Version | Professional Appliance | Database version | 8.3.9 | Ant version | 1.7.1 | |||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0013405: Swap is world readable on the OpenBravo Appliance | |||||||
| Description | Sorry if I filed this against the wrong component, but this is a bug against the virtual appliance for OpenBravo, not the OpenBravo code itself. While trying out the OpenBravo appliance for VirtualBox (OpenbravoERP-2.50MP17-x86.virtualbox.vdi), I noticed that the system uses /var/swap as a swap file. This swap file has group/world readable permissions, allowing any local users to access the memory of swapped out processes. Not too serious if there are no additional local users, but it can be dangerous if limited access login accounts are allowed on the system. | |||||||
| Steps To Reproduce | [openbravo@new-host-2 ~]$ ls -l /var/swap -rw-r--r-- 1 root root 134217728 2010-05-13 05:40 /var/swap | |||||||
| Proposed Solution | chmod 600 /var/swap | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0027871) jpabloae (viewer) 2010-06-01 18:41 |
I've reported the issue upstream. I'll update this issue when it's fixed. Thank you for the report! |
|
(0029715) jpabloae (viewer) 2010-07-30 17:26 |
This is fixed in out image generator server. The swap file will have 0600 permissions starting from the 2.50MP21 appliance. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-05-21 04:29 | gboyce | New Issue | |
| 2010-05-21 04:29 | gboyce | Assigned To | => alostale |
| 2010-05-24 08:40 | alostale | Assigned To | alostale => jpabloae |
| 2010-05-24 08:40 | alostale | Status | new => scheduled |
| 2010-05-24 08:40 | alostale | fix_in_branch | => pi |
| 2010-06-01 18:28 | jpabloae | Status | scheduled => acknowledged |
| 2010-06-01 18:41 | jpabloae | Status | acknowledged => scheduled |
| 2010-06-01 18:41 | jpabloae | Note Added: 0027871 | |
| 2010-07-30 17:26 | jpabloae | Note Added: 0029715 | |
| 2010-07-30 17:26 | jpabloae | Status | scheduled => resolved |
| 2010-07-30 17:26 | jpabloae | Fixed in Version | => 2.50MP21 |
| 2010-07-30 17:26 | jpabloae | Fixed in SCM revision | => n/a |
| 2010-07-30 17:26 | jpabloae | Resolution | open => fixed |
| 2010-08-18 14:16 | psarobe | Status | resolved => closed |
| 2010-08-19 00:00 | anonymous | sf_bug_id | 0 => 3048127 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |