Return-Path:
Looks good, clear to merge.
[tickets:#8127] Fix how we write the .google_authenticator file
Status: review
Milestone: unreleased
Labels: security
Created: Fri Sep 09, 2016 07:29 PM UTC by Dave Brondsema
Last Updated: Fri Sep 09, 2016 07:30 PM UTC
Owner: Dave Brondsema
The google authenticator PAM module will write the .google_authenticator
files with permission 400 (-r--------)
and then Allura can't write to it. We also need to write it with 400
or 600
perms, so it is secure for PAM to use it afterwards. And best to do it atomically, with a file rename operation.
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.