Bug#780828: ssl-cert: make-ssl-cert leaves window where new secret key may be world-readable

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: 780828@bugs.debian.org, openssl@packages.debian.org
Subject: Bug#780828: ssl-cert: make-ssl-cert leaves window where new secret key may be world-readable
From: Stefan Fritsch <sf@sfritsch.de>
Date: Sun, 29 Mar 2015 22:24:50 +0200
Message-id: <[🔎] 1524647.u8QqviMzUG@k>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 780828@bugs.debian.org
In-reply-to: <[🔎] 20150320063636.20051.24121.reportbug@alice.fifthhorseman.net>
References: <[🔎] 20150320063636.20051.24121.reportbug@alice.fifthhorseman.net>

On Friday 20 March 2015 02:36:36, Daniel Kahn Gillmor wrote:
> make-ssl-cert appears to create the secret key material and then
> chmod it to restrict permissions.  This leaves a race condition
> where a non-privileged user on the system can read the file before
> the permissions change takes effect, thereby stealing the
> credentials created by the superuser.
> 
> make-ssl-cert should use umask instead, so that the new secret key
> files are protected by default.

I will change make-ssl-cert to set umask 077. But I wonder if a better 
fix would be if "openssl req" would set save permissions by default 
for the file given by "-keyout"? Any opinions? Kurt?

BTW, for the default snakeoil certificate, this is not an issue 
because the dir /etc/ssl/private/ is not world-readable.

Reply to:

References:
- Bug#780828: ssl-cert: make-ssl-cert leaves window where new secret key may be world-readable
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Prev by Date: Processed: reassign 743498 to apache2-mpm-itk
Next by Date: Processing of ssl-cert_1.0.36_amd64.changes
Previous by thread: Bug#780828: ssl-cert: make-ssl-cert leaves window where new secret key may be world-readable
Next by thread: Bug#780828: marked as done (ssl-cert: make-ssl-cert leaves window where new secret key may be world-readable)
Index(es):
- Date
- Thread