[Pkg-openssl-devel] Bug#471958: openssl: Generated private keys world-readable by default

Lionel Elie Mamane lionel at mamane.lu
Sun Apr 6 13:04:58 UTC 2008


On Fri, Mar 21, 2008 at 02:23:38PM +0100, Florian Weimer wrote:
> * Lionel Elie Mamane:
>> On Fri, Mar 21, 2008 at 01:20:01PM +0100, Florian Weimer wrote:

>>>> master at capsaicin:~ 148 $ openssl genrsa -out foo 512
>>>> -rw-r--r-- 1 master master 493 mar 21 11:51 foo

>>>> The generated key should really not be world-readable by default.

>>> You could simply use a more restrictive umask.

>> Yes, but that command is used by several application-specific
>> scripts; I find it safer to have openssl do the secure thing by
>> default rather than go and fix all scripts that call it to set a
>> correct umask.

> This would mean that these scripts break when used with older
> OpenSSL versions,

True, but that's a reason for *also* fixing those scripts, not really
an argument for not making OpenSSL more secure by default.

> or versions that haven't been patched (assuming that upstream
> doesn't pick up the change).  Therefore, I don't think this is a
> good idea to patch Debian unilaterally.

OK, fair enough. If only Debian patches it, people using Debian will
write scripts using genrsa that are dangerous on other OSes. I've
emailed upstream with the suggestion, we'll see what they think of
it.

-- 
Lionel
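The script-side fix the reply mentions (a restrictive umask around genrsa, so the key is never created world-readable whatever the OpenSSL version does) together with an audit for keys that were already generated that way, as an added example that is not part of this bug report or of OpenSSL; the function names are mine, and gen_private_key assumes an openssl binary on the PATH:

```sh
#!/bin/sh
# Added example, not from the bug report: create private keys under a
# restrictive umask and audit a directory for world-readable key files.

# with_private_umask CMD [ARGS...]
# Run CMD in a subshell with umask 077, so the umask change does not
# leak into the calling script. Files CMD creates get mode 0600/0700.
with_private_umask() {
    ( umask 077 && "$@" )
}

# gen_private_key OUTFILE [BITS]
# Wrapper around genrsa; works the same on OpenSSL versions that still
# honour only the caller's umask (assumes openssl is on the PATH).
gen_private_key() {
    out=$1
    bits=${2:-2048}
    with_private_umask openssl genrsa -out "$out" "$bits"
}

# file_mode FILE: print the octal permission bits (GNU stat, BSD fallback).
file_mode() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# is_private FILE: exit 0 only if group and other have no permission bits,
# i.e. the last two octal digits are 00 (0600, 0400, 0700 ...).
is_private() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# find_world_readable DIR: list regular files under DIR readable by "other".
# Run this over a directory of keys generated before the umask was fixed.
find_world_readable() {
    find "$1" -type f -perm -o+r
}

# Usage (commented out so the file can be sourced without side effects):
# gen_private_key /tmp/foo.pem 2048 && is_private /tmp/foo.pem && echo ok
# find_world_readable /etc/ssl/private
```

with_private_umask is the piece to drop into the application-specific scripts the reply refers to: it fixes the permission problem at the call site and keeps working on an unpatched OpenSSL.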
