Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
During installation, installed file permissions are set to allow anyone to modify those files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rtslib-fb | Rtslib-fb_project | * | 2.1.72 (including) |
Red Hat Enterprise Linux 7 | RedHat | python-rtslib-0:2.1.74-1.el7_9 | * |
Red Hat Enterprise Linux 8 | RedHat | python-rtslib-0:2.1.73-2.el8 | * |
Python-rtslib-fb | Ubuntu | devel | * |
Python-rtslib-fb | Ubuntu | eoan | * |
Python-rtslib-fb | Ubuntu | esm-apps/focal | * |
Python-rtslib-fb | Ubuntu | focal | * |
Python-rtslib-fb | Ubuntu | groovy | * |
Python-rtslib-fb | Ubuntu | hirsute | * |
Python-rtslib-fb | Ubuntu | impish | * |
Python-rtslib-fb | Ubuntu | jammy | * |
Python-rtslib-fb | Ubuntu | kinetic | * |
Python-rtslib-fb | Ubuntu | lunar | * |
Python-rtslib-fb | Ubuntu | mantic | * |
Python-rtslib-fb | Ubuntu | noble | * |
Python-rtslib-fb | Ubuntu | trusty | * |