Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, deshani, dill0wn, and 10 others

#8127 Fix how we write the .google_authenticator file

Milestone: v1.6.0

Status: closed

Owner: Dave Brondsema

Labels: security (34)

Component: General

Reviewer: nobody

Updated: 2016-09-15

Created: 2016-09-09

Creator: Dave Brondsema

Private: No

The google authenticator PAM module will write the .google_authenticator files with permission 400 (-r--------) and then Allura can't write to it. We also need to write it with 400 or 600 perms, so it is secure for PAM to use it afterwards. And best to do it atomically, with a file rename operation.

Discussion

Dave Brondsema - 2016-09-09

db/8127

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kenton Taylor - 2016-09-15

Looks good, clear to merge.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2016-09-15

status: review --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2016-12-14

Milestone: unreleased --> v1.6.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Apache Allura™

Forge software for hosting software projects

Milestone

Searches

Help

#8127 Fix how we write the .google_authenticator file

Discussion