sensitive file with too large permission

[zzzzoy]

ingress-nginx-controller places the key file on the disk and use permission 0o700 for starting the nginx server. https://github.com/kubernetes/ingress-nginx/blob/main/pkg/util/file/filesystem.go
i think 0600 shall be enough.

$ ll /etc/ingress-controller/ssl/kube-system-ingress-cert.pem
-rwx------ 1 root root 4911 Mar 26 11:08 /etc/ingress-controller/ssl/kube-system-ingress-cert.pem

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[Gacko]

I understand your concern. Could you please elaborate on what's wrong with the executable flag here? I understand it's not required, but in which way is it a bug?