From: Thomas Goirand <thomas@goirand.fr>
Date: Thu, 15 Nov 2012 08:50:33 +0000 (+0000)
Subject: CVE-2012-5474: The file /etc/openstack-dashboard/local_settings is not world readable... 
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=a72c00d05eb42c150a01dee5c3b020ea51b6db0e;p=openstack-build%2Fhorizon-build.git

CVE-2012-5474: The file /etc/openstack-dashboard/local_settings is not world readable anymore (Closes: #693287)

Rewritten-From: e0a54a8ff5a8674ba634d6268f04903e5ed55eb3
---

diff --git a/trusty/debian/changelog b/trusty/debian/changelog
index 4766cb2..f4a8f86 100644
--- a/trusty/debian/changelog
+++ b/trusty/debian/changelog
@@ -1,3 +1,10 @@
+horizon (2012.1.1-7) unstable; urgency=high
+
+  * CVE-2012-5474: The file /etc/openstack-dashboard/local_settings is not
+  world readable anymore (Closes: #693287).
+
+ -- Thomas Goirand <zigo@debian.org>  Thu, 15 Nov 2012 08:47:18 +0000
+
 horizon (2012.1.1-6) unstable; urgency=low
 
   * Keyerror when displaying Instances & Volumes:
diff --git a/trusty/debian/openstack-dashboard.postinst b/trusty/debian/openstack-dashboard.postinst
index 189fb92..4c8c9e7 100644
--- a/trusty/debian/openstack-dashboard.postinst
+++ b/trusty/debian/openstack-dashboard.postinst
@@ -4,10 +4,15 @@ set -e
 if [ "$1" = "configure" ]
 then
     adduser --system \
-	--home /var/lib/horizon \
+        --home /var/lib/horizon \
         --quiet \
         --disabled-password \
         --group horizon
+
+	if[ -r /etc/openstack-dashboard/local_settings.py ] ; then
+		chmod 0640 /etc/openstack-dashboard/local_settings.py
+		chown horizon:horizon /etc/openstack-dashboard/local_settings.py
+	fi
 fi
 
-#DEBHELPER#
\ No newline at end of file
+#DEBHELPER#