On 05/02/15 02:12 PM, Marcel Kleinfeller wrote:
> Hello!
> 
> When I'm doing "cd /etc/ssl/certs/ && ls -al" I see something like this:
> 
> [...]
> lrwxrwxrwx 1 root root    102 21. Dez 17:56
> Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem ->
> ../../ca-certificates/extracted/cadir/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
> 
> [...]
> 
> All certificates are publicly writable.
> 
> I never set chmod to 777 on this directory and I see a great security
> lack here.
> Any program could inject its own certificate there, you should know this
> isn't good ;)
> 
> Tell me whether this is just an issue on my own system or a general issue.
> 
> Marcel Kleinfeller <mar...@oompf.de>

It's not an issue. It's a symlink. The permissions on the directory and
the target are what matters.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to