Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of Fixing excessive unix file permissions into release/1.8.x #14841

Closed
wants to merge 3 commits into from
Closed

Backport of Fixing excessive unix file permissions into release/1.8.x #14841

wants to merge 3 commits into from

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #14791 to be assessed for backporting due to the inclusion of the label backport/1.8.x.

WARNING automatic cherry-pick of commits failed. Commits will require human attention.

The below text is copied from the body of the original PR.

I also ran https://github.com/securego/gosec#github-action

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/vault-4364/usefully-trusty-starling branch from d09ebca to 8219da1 Compare April 1, 2022 16:58
@vercel vercel bot temporarily deployed to Preview – vault-storybook April 1, 2022 16:58 Inactive
@vercel vercel bot temporarily deployed to Preview – vault April 1, 2022 16:58 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook April 1, 2022 18:06 Inactive
@vercel vercel bot temporarily deployed to Preview – vault April 1, 2022 18:06 Inactive
akshya96
akshya96 reviewed Apr 1, 2022
View reviewed changes
physical/raft/raft.go
@@ -274,7 +274,7 @@ func EnsurePath(path string, dir bool) error {
if !dir {
path = filepath.Dir(path)
}
return os.MkdirAll(path, 0o755)
return os.MkdirAll(path, 0o750)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember seeing this as 0o700 in your main PR. https://github.com/hashicorp/vault/pull/14791/files

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, it seems that backport assistant is not doing the right job. I will push manual backports for all of these.

akshya96
akshya96 reviewed Apr 1, 2022
View reviewed changes
physical/raft/snapshot.go
@@ -86,7 +86,7 @@ func NewBoltSnapshotStore(base string, logger log.Logger, fsm *FSM) (*BoltSnapsh

// Ensure our path exists
path := filepath.Join(base, snapPath)
if err := os.MkdirAll(path, 0o755); err != nil && !os.IsExist(err) {
if err := os.MkdirAll(path, 0o750); err != nil && !os.IsExist(err) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above comment

akshya96
akshya96 reviewed Apr 1, 2022
View reviewed changes
physical/raft/snapshot.go
@@ -324,7 +324,7 @@ func (s *BoltSnapshotSink) writeBoltDBFile() error {
s.logger.Info("creating new snapshot", "path", path)

// Make the directory
if err := os.MkdirAll(path, 0o755); err != nil {
if err := os.MkdirAll(path, 0o750); err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above comment

@hghaf099 hghaf099 closed this Apr 4, 2022
@hghaf099 hghaf099 deleted the backport/vault-4364/usefully-trusty-starling branch April 4, 2022 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akshya96 akshya96 akshya96 left review comments

@hghaf099 hghaf099 Awaiting requested review from hghaf099

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hc-github-team-secure-vault-core @hghaf099 @akshya96