mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Pair-Programmed-With: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
83a3ae18dd
commit
cf29fb2cf4
@ -258,7 +258,9 @@ sub mk_keyblobs($$)
|
||||
my $admincertfile = "$tlsdir/admincert.pem";
|
||||
my $admincertupnfile = "$tlsdir/admincertupn.pem";
|
||||
|
||||
mkdir($tlsdir, 0777);
|
||||
mkdir($tlsdir, 0700);
|
||||
my $oldumask = umask;
|
||||
umask 0077;
|
||||
|
||||
#This is specified here to avoid draining entropy on every run
|
||||
open(DHFILE, ">$dhfile");
|
||||
@ -449,6 +451,8 @@ Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq
|
||||
Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
|
||||
-----END CERTIFICATE-----
|
||||
EOF
|
||||
|
||||
umask $oldumask;
|
||||
}
|
||||
|
||||
sub provision_raw_prepare($$$$$$$$$$)
|
||||
|
Loading…
Reference in New Issue
Block a user