oss-sec mailing list archives

CVE-2013-1977 - OpenStack keystone.conf insecure file permissions


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 19 Apr 2013 00:55:30 -0600


As reported:
https://bugs.launchpad.net/keystone/+bug/1168252

The password configuration of LDAP and admin_token in keystone.conf
should be secret to protect security information:

[ldap]
# url = ldap://localhost
# user = dc=Manager,dc=example,dc=com
# password = None <- should be secret
# suffix = cn=example,cn=com
# use_dumb_member = False
# allow_subtree_delete = False
# dumb_member = cn=dumb,dc=example,dc=com

[DEFAULT]
admin_token = passw0rd <- should be secret



Red Hat has a modified installer; we install the file as:
-rw-------. 1 keystone keystone 10235 Apr 19 00:21 /etc/keystone/keystone.conf

Unfortunately when we hardened our installer I didn't check the
upstream distribution for the same flaw, something I should have done.
I'm now going to review the other hardening we did to ensure upstream
is aware of these potential problems.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
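An audit check for the two problems the post describes, as an added example (not code from the advisory, Red Hat or the Keystone project): it verifies that keystone.conf is owned by the service account with no group/other permission bits, and flags admin_token or the LDAP bind password when they still hold a placeholder such as passw0rd. The owner name "keystone" and the placeholder list are assumptions; the sample config is constructed from the values quoted above.

```python
# Audit keystone.conf for the CVE-2013-1977 pattern: credentials in a file
# readable beyond the service account (added example, not Keystone code).
import configparser, os, pwd, shutil, stat, tempfile

EXPECTED_OWNER = "keystone"  # assumption: service account, as in the listing above
SECRET_OPTIONS = [("DEFAULT", "admin_token"), ("ldap", "password")]
PLACEHOLDER_VALUES = {"", "none", "admin", "password", "passw0rd"}  # no real secret

def audit_keystone_conf(path, expected_owner=EXPECTED_OWNER):
    """Return a list of findings (strings); an empty list means clean."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # any group/other bit exposes the credentials: the file must be 0600
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: group/other can read {path}, want 0600")
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    if owner != expected_owner:
        findings.append(f"owner {owner}: expected {expected_owner}")
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read(path)
    for section, option in SECRET_OPTIONS:
        if cfg.has_option(section, option):
            value = cfg.get(section, option).strip()
            if value.lower() in PLACEHOLDER_VALUES:
                findings.append(f"[{section}] {option} = {value!r}: placeholder value")
    return findings

# constructed sample config, reusing the values quoted in the advisory
SAMPLE_CONF = ("[DEFAULT]\nadmin_token = passw0rd\n\n[ldap]\n"
               "url = ldap://localhost\npassword = bind-pw-for-demo\n")

def demo():
    """Audit the sample twice: world-readable (0644), then hardened (0600)."""
    me = pwd.getpwuid(os.getuid()).pw_name  # owner check against current user
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "keystone.conf")
    with open(path, "w") as fh:
        fh.write(SAMPLE_CONF)
    os.chmod(path, 0o644)
    loose = audit_keystone_conf(path, expected_owner=me)
    os.chmod(path, 0o600)
    tight = audit_keystone_conf(path, expected_owner=me)
    shutil.rmtree(tmp)
    return loose, tight
```

Against a real deployment, call audit_keystone_conf("/etc/keystone/keystone.conf") and treat any non-empty result as a hardening failure.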

