[Pkg-openssl-devel] Bug#780828: ssl-cert: make-ssl-cert leaves window where new secret key may be world-readable
Stefan Fritsch
sf at sfritsch.de
Sun Mar 29 20:24:50 UTC 2015
On Friday 20 March 2015 02:36:36, Daniel Kahn Gillmor wrote:
> make-ssl-cert appears to create the secret key material and then
> chmod it to restrict permissions. This leaves a race condition
> where a non-privileged user on the system can read the file before
> the permissions change takes effect, thereby stealing the
> credentials created by the superuser.
>
> make-ssl-cert should use umask instead, so that the new secret key
> files are protected by default.
I will change make-ssl-cert to set umask 077. But I wonder if a better
fix would be if "openssl req" would set safe permissions by default
for the file given by "-keyout"? Any opinions? Kurt?

BTW, for the default snakeoil certificate, this is not an issue
because the dir /etc/ssl/private/ is not world-readable.
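
The window discussed in this thread, as an added example that is not part of the original message and not code from make-ssl-cert: it reports the mode a newly created file has before any later chmod could run, first under a permissive umask and then under umask 077. The helper names are hypothetical, and a constructed placeholder string stands in for the key, so openssl is not invoked.

```shell
#!/bin/sh
# Added example: file mode at creation time under two umasks.
# A placeholder string stands in for the key; openssl is not called.

# Print the octal mode of a file (GNU stat, with a BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file under the given umask and print the mode it has
# immediately after creation, i.e. before any later chmod could run.
mode_at_creation() {
    mask=$1
    dir=$(mktemp -d) || return 1
    (
        # The subshell keeps the umask change away from the caller.
        umask "$mask"
        printf 'constructed placeholder, not a real key\n' > "$dir/key.pem"
    )
    file_mode "$dir/key.pem"
    rm -rf "$dir"
}

# Pattern from the bug report: create under a permissive umask and
# chmod afterwards. This is the mode visible during that window.
racy_window_mode() { mode_at_creation 022; }

# The fix from the thread: umask 077 is in effect when the file is created.
safe_window_mode() { mode_at_creation 077; }

echo "create then chmod: mode in window = $(racy_window_mode)"
echo "umask 077:         mode in window = $(safe_window_mode)"
```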