CVE-2012-5474: The file /etc/openstack-dashboard/local_settings is not world readable...

Rewritten-From: e0a54a8ff5a8674ba634d6268f04903e5ed55eb3

diff --git a/trusty/debian/changelog b/trusty/debian/changelog
index 4766cb23743ec301eba0f94b8da4bb14c859fadf..f4a8f866b4a707ce6b123be11d5285e41d9012b9 100644 (file)
--- a/trusty/debian/changelog
+++ b/trusty/debian/changelog
@@ -1,3 +1,10 @@
+horizon (2012.1.1-7) unstable; urgency=high
+
+  * CVE-2012-5474: The file /etc/openstack-dashboard/local_settings is not
+  world readable anymore (Closes: #693287).
+
+ -- Thomas Goirand <zigo@debian.org>  Thu, 15 Nov 2012 08:47:18 +0000
+
 horizon (2012.1.1-6) unstable; urgency=low
 
   * Keyerror when displaying Instances & Volumes:

diff --git a/trusty/debian/openstack-dashboard.postinst b/trusty/debian/openstack-dashboard.postinst
index 189fb920588adc267108a74c91ce46d9fa4be2aa..4c8c9e7928fb022311aa9269763e929ed7241277 100644 (file)
--- a/trusty/debian/openstack-dashboard.postinst
+++ b/trusty/debian/openstack-dashboard.postinst
@@ -4,10 +4,15 @@ set -e
 if [ "$1" = "configure" ]
 then
     adduser --system \
-       --home /var/lib/horizon \
+        --home /var/lib/horizon \
         --quiet \
         --disabled-password \
         --group horizon
+
+       if[ -r /etc/openstack-dashboard/local_settings.py ] ; then
+               chmod 0640 /etc/openstack-dashboard/local_settings.py
+               chown horizon:horizon /etc/openstack-dashboard/local_settings.py
+       fi
 fi
 
-#DEBHELPER#
\ No newline at end of file
+#DEBHELPER#