I have some more context on this bug from looking over the postinst script.

1) The script's check for the existence of SSL_CERT and SSL_KEY is improper
because the user could be placing them in different paths from what's expected
and breaking the [ -e $SSL_CERT ] && [ -e $SSL_KEY ] check.

In my case I named my private key with suffix '.key' and the postinst 
destroyed my private key for my working certificate. Many packages and people 
name their certificate with '.key' so I don't think this is a reasonable thing 
to do.

2) It should check for one or the other and at most issue a warning in case 
the user picked a different name, instead of blindly overwriting an existing 
one, or it should warn and prompt before overwriting an existing cert half or 
cert pair.

3) Isn't using /dev/urandom instead of /dev/random also risking an insecure
certificate? Obviously most people who care would not use a self-signed one
but I think the question should at least be asked.

Regards,
Matthew.

From /var/lib/dpkg/info/dovecot-core.postinst:

  ## SSL Certs
  # Certs and key file
  SSL_CERT="/etc/ssl/certs/dovecot.pem"
  SSL_KEY="/etc/ssl/private/dovecot.pem"

  # Generate new certs if needed
  if [ -e $SSL_CERT ] && [ -e $SSL_KEY ]; then
    echo "You already have ssl certs for dovecot."
  else
    echo "Creating generic self-signed certificate: $SSL_CERT"
    echo "This certificate will expire in 10 years."
    echo "(replace with hand-crafted or authorized one if needed)."
    cd /etc/ssl/certs
    PATH=$PATH:/usr/bin/ssl
    if ! FQDN="$(hostname -f)"; then
        FQDN="$(hostname)"
        echo WARNING: Could not get FQDN, using \"$FQDN\".
    fi
    MAILNAME="$(cat /etc/mailname 2> /dev/null || echo "$FQDN")"
    (openssl req -newkey rsa:2048  -x509 -days 3652.5 -nodes \
        -rand /dev/urandom -out $SSL_CERT -keyout $SSL_KEY > /dev/null 2>&1 <<+
.
.
.
Dovecot mail server
$FQDN
$FQDN
root@$MAILNAME
+
    ) || echo "Warning : Bad SSL config, can't generate certificate."
  fi

  ucfr dovecot-core $SSL_CERT
  ucfr dovecot-core $SSL_KEY

  if [ ! -h $SSL_CERT ] && [ ! -h $SSL_KEY ]; then
    chown root:dovecot $SSL_CERT || true
    chmod 0644 $SSL_CERT || true
    chown root:dovecot $SSL_KEY || true
    chmod 0600 $SSL_KEY || true
  fi

fi
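
The behaviour requested in point 2, as an added example that is not part of the original message or of the dovecot-core package: generate only when neither file exists, and warn without touching anything when just one half of the pair is present. The helper names cert_action and ensure_certs, the -subj value and the 3650-day lifetime are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the dovecot-core postinst. cert_action and
# ensure_certs are hypothetical helper names.

# Print the safe action for a cert/key pair:
#   keep     both paths exist, leave them alone
#   generate neither path exists, a new pair can be created
#   refuse   exactly one exists, generating would overwrite it
cert_action() {
    have_cert=no; have_key=no
    # -e follows symlinks, so test -h as well: a dangling link still
    # means the admin has claimed this path.
    if [ -e "$1" ] || [ -h "$1" ]; then have_cert=yes; fi
    if [ -e "$2" ] || [ -h "$2" ]; then have_key=yes; fi
    case "$have_cert$have_key" in
        yesyes) echo keep ;;
        nono)   echo generate ;;
        *)      echo refuse ;;
    esac
}

# Create a self-signed pair only when neither path exists.
ensure_certs() {
    cert=$1; key=$2
    case "$(cert_action "$cert" "$key")" in
    keep)
        echo "You already have ssl certs for dovecot." ;;
    refuse)
        echo "WARNING: only one of $cert and $key exists." >&2
        echo "Not generating a certificate; nothing was overwritten." >&2
        return 1 ;;
    generate)
        # Build in a private temp dir so a failed openssl run leaves
        # nothing at the final paths.
        tmp=$(mktemp -d) || return 1
        if (umask 077 && openssl req -newkey rsa:2048 -x509 -days 3650 \
                -nodes -subj "/CN=$(hostname)" \
                -out "$tmp/cert" -keyout "$tmp/key" >/dev/null 2>&1) &&
           mv "$tmp/cert" "$cert" && mv "$tmp/key" "$key"; then rc=0
        else rc=1; echo "Warning: can't generate certificate." >&2
        fi
        rm -rf "$tmp"
        return "$rc" ;;
    esac
}
```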


