Public bug reported:
It seems that both /var/log/cloud-init.log and /var/log/cloud-init-
output.log files are created with the files as publicly readable
(specifically 0644 file permissions)
```
brandon@:~$ ls -al /var/log/cloud-init*
-rw-r--r-- 1 syslog adm 1060887 Jan 26 05:23 /var/log/cloud-init.log
-rw-r--r-- 1 root root 18666 Jan 26 05:23 /var/log/cloud-init-output.log
```
Are there concerns with these being publicly readable? I don't have any
specific examples of confidential information that may be exposed via these
logs, but wouldn't it seem prudent to limit file permissions in case there was
some unintended secrets output from another application or user-defined scripts
that are run via cloudinit?
** Affects: cloud-init
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1541196
Title:
Limit file permissions on /var/log/cloud-init.log
Status in cloud-init:
New
Bug description:
It seems that both /var/log/cloud-init.log and /var/log/cloud-init-
output.log files are created with the files as publicly readable
(specifically 0644 file permissions)
```
brandon@:~$ ls -al /var/log/cloud-init*
-rw-r--r-- 1 syslog adm 1060887 Jan 26 05:23 /var/log/cloud-init.log
-rw-r--r-- 1 root root 18666 Jan 26 05:23 /var/log/cloud-init-output.log
```
Are there concerns with these being publicly readable? I don't have any
specific examples of confidential information that may be exposed via these
logs, but wouldn't it seem prudent to limit file permissions in case there was
some unintended secrets output from another application or user-defined scripts
that are run via cloudinit?
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1541196/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
