Package: openssl
Version: 1.0.1e-1
Severity: normal
Tags: security

When I want openssl to create a private key for me, it creates the key file with read access to the world. I don't think that is desired behavior. Instead I would expect the file to be read (and write) only for the owner of the file.

paul@wollumbin ~/tmp $ openssl genrsa -out test-private.key 2048
Generating RSA private key, 2048 bit long modulus
.................+++
.............................................................................................+++
e is 65537 (0x10001)
paul@wollumbin ~/tmp $ ll test-private.key
-rw-r--r-- 1 paul paul 1679 mrt 13 22:48 test-private.key

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.13-38
ii  libssl1.0.0  1.0.1e-1
ii  zlib1g       1:1.2.7.dfsg-13

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130119

-- no debconf information
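The 0644 mode in the report is what a file created with mode 0666 gets under the common default umask of 022. The sketch below is an added example, not part of the original report or of openssl: it runs a key-generating command under umask 077 and audits a directory for PEM private keys that group or other can access. The names with_private_umask, audit_private_keys and fake_genkey are hypothetical, and fake_genkey is a constructed stand-in that writes only a PEM header so the script runs without openssl.

```shell
#!/bin/sh
# Added example: owner-only creation and a permission audit for PEM keys.

# Run "$@" in a subshell with umask 077 so files it creates get mode 0600.
# The caller's own umask is left untouched.
with_private_umask() {
    ( umask 077; "$@" )
}

# Print PEM private-key files under $1 that have any group/other bit set.
# Uses only portable -perm -MODE tests (one per bit) instead of GNU -perm /077.
audit_private_keys() {
    find "$1" -type f \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} +
}

# Constructed stand-in for a key generator: writes a PEM header only.
fake_genkey() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Default umask 022: file ends up 0644, as in the report.
    ( umask 022; fake_genkey "$dir/default.key" )
    # Restricted umask: file ends up 0600.
    with_private_umask fake_genkey "$dir/private.key"
    # Only default.key is reported.
    audit_private_keys "$dir"
    rm -rf "$dir"
}
demo
```

With a real generator the wrapper is used as `with_private_umask openssl genrsa -out test-private.key 2048`; for keys that already exist, `chmod 600` on each path the audit prints closes the exposure.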