Bug#571631: libapache2-mod-shib2: shib-keygen generates world-readable key file
Scott Cantor
cantor.2 at osu.edu
Thu Apr 1 17:16:49 UTC 2010
> Don't you think it's kind of an openssl bug to create the key material
> with full permissions? Shouldn't it creat("keyfile", 0600)?
Would be nice I suppose.
> This aside, I'd recommend working around the issue by creating the key
> file beforehand with restricted permissions, and not touching umask:
I could imagine it working or failing depending on what the openssl code
does, but I can look into it.
> https://bugs.internet2.edu/jira/browse/SSPCPP-281 is pretty much
> orthogonal to this (and I'm not sure it's worth adding options which
> could be simulated by a cd before and a chown after.)
<shrug>
-- Scott
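
The workaround discussed in this message, shown as an added example that is not part of the original thread or of shib-keygen: it pre-creates the key file with mode 0600 without touching umask, then shows why the result depends on how the generator opens the file. The `write_key_*` functions are hypothetical stand-ins for a key generator (they make no claim about what openssl does), and the key content is a constructed placeholder.

```shell
#!/bin/sh
# Added illustration: write_key_* are hypothetical stand-ins for a key
# generator; the "key" written is a constructed placeholder string.

# Create an empty key file with mode 0600 without changing the umask.
# install(1) sets the mode explicitly rather than deriving it from umask.
precreate_key() {
    install -m 600 /dev/null "$1"
}

# Writer that opens the existing path and truncates it: the inode, and
# therefore the pre-set mode, is kept.
write_key_truncate() {
    printf 'CONSTRUCTED PLACEHOLDER KEY\n' > "$1"
}

# Writer that unlinks and recreates the path: the new inode gets its
# mode from the writer's umask, discarding the pre-set 0600.
write_key_recreate() {
    rm -f "$1"
    printf 'CONSTRUCTED PLACEHOLDER KEY\n' > "$1"
}

# Print the type and permission string, e.g. "-rw-------".
key_perms() {
    ls -ld "$1" | cut -c1-10
}

# Succeed only if group and other have no access at all.
key_is_private() {
    [ "$(key_perms "$1" | cut -c5-10)" = "------" ]
}

# Run both writers against a pre-created file and report the outcome.
demo() {
    dir=$(mktemp -d) || return 1
    for writer in write_key_truncate write_key_recreate; do
        precreate_key "$dir/keyfile"
        "$writer" "$dir/keyfile"
        if key_is_private "$dir/keyfile"; then verdict=private; else verdict=EXPOSED; fi
        echo "$writer: $(key_perms "$dir/keyfile") $verdict"
    done
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Running a check like `key_is_private` after key generation catches the case where the pre-created mode was lost, whichever way the generator behaves.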