[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#706933: 1100-sslcert checks for wrong package; snakeoil cert is not regenerated

Package: live-config
Version: 3.0.23-1
Severity: normal

[When asked privately in IRC, dba didn't consider this a security
issue, so I'm reporting it normally.]

It looks like /lib/live/config/1100-sslcert is trying to regenerate
the snakeoil key & cert at boot time, similar to how SSH host keys are
handled in 1170-openssh-server.  AFAICT this code will never run,
because it looks for "sslcert" when it should look for "ssl-cert".

If someone builds a live SOE with a daemon, and that daemon is stupid
enough to use the snakeoil certs instead of generating its own, that
daemon will be using the same key across all boots/instances.  If an
attacker got hold of the SOE, they could extract the build-time
snakeoil key and use it for MITM type things.

(Of course, any daemon that generates its own certs would need an
equivalent to this script, or be similarly affected.  Same thing if
someone builds a live SOE with dropbear or lsh instead of openssh.)

Reply to: