1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()

We should generate private keys with 0600.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Pair-Programmed-With: Björn Baumbach <bb@sernet.de>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Stefan Metzmacher 2013-10-30 14:48:36 +01:00 committed by Karolin Seeger
parent 83a3ae18dd
commit cf29fb2cf4

View File

@ -258,7 +258,9 @@ sub mk_keyblobs($$)
my $admincertfile = "$tlsdir/admincert.pem";
my $admincertupnfile = "$tlsdir/admincertupn.pem";
mkdir($tlsdir, 0777);
mkdir($tlsdir, 0700);
my $oldumask = umask;
umask 0077;
#This is specified here to avoid draining entropy on every run
open(DHFILE, ">$dhfile");
@ -449,6 +451,8 @@ Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq
Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
-----END CERTIFICATE-----
EOF
umask $oldumask;
}
sub provision_raw_prepare($$$$$$$$$$)