Julien ÉLIE <jul...@trigofacile.com> writes:
> I think the issue is that nnrpd tries to make sure that only the news
> user can read the private key. 400 news:news would also be fine (and it
> is not writable by the news user).
> When we have 640 root:news, other users in the news group can read the
> key. And not only the news user. But is it really important to check
> that? Can't we have cases with other groups than the news one? (adm,
> wheel, or groups like these)
Ah, hm.
At first glance, it seems to me like the news group is fairly trusted
already by INN, and I'm missing why we should be worried about people in
the news group being able to see the private key.
On the other hand, I couldn't point you at any particular problem caused
by having the key be owned by the news user. I just have a knee-jerk
reaction against having system users own files where possible.
> Maybe we should just do:
> if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0137) != 0) {
> syslog(L_ERROR, "bad ownership or permissions on private key"
> " '%s': private key must be mode 640 at most", cert_file);
> return (0);
> }
We should probably be slightly more paranoid and ensure that if the mode
is 440 or 640, the group owner is the news group (to prevent the failure
case of having news:users as the owner and group).
--
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
