View Issue Details

IDProjectCategoryView StatusLast Update
0012011Buildsyscentpkgpublic2016-10-20 20:09
Status resolvedResolutionfixed 
Summary0012011: centos-cert doesn't set permissions on generated certificates
DescriptionAfter running 'centos-cert -u lpancescu -n' in Fedora, the generated centos*.cert files have the permission 0664 (Fedora's default umask is 0002), potentially allowing other users on the same system to copy the certificates and impersonate me. Could you please set the permissions explicitly to 0600 when creating the file, similar to what ssh-keygen does?
Steps To Reproduce1. umask # probably 0002 or 0022
2. certos-cert -u <user> -n
2. ls -l .centos*.cert
Additional InformationWorkaround: remove the existing certs, set the umask explicitly to 0077, and run centos-cert again.
TagsNo tags attached.




2016-10-20 20:09

administrator   ~0027765

fixed in v0.5.4

Issue History

Date Modified Username Field Change
2016-10-11 16:25 lpancescu New Issue
2016-10-20 20:09 bstinson Status new => resolved
2016-10-20 20:09 bstinson Resolution open => fixed
2016-10-20 20:09 bstinson Note Added: 0027765