[Kernel-packages] [Bug 2018908] [NEW] [UBUNTU 23.04] opencryptoki 3.20.0: strength.conf has wrong mode

bugproxy Mon, 08 May 2023 10:06:07 -0700

Public bug reported:

After installing opencryptoki 3.20.0 on Ubuntu 23.04 the strength.conf
file that is installed into /etc/opencryptoki/ has a wrong mode.


After starting pkcsslotrd, command 'pkcsconf -t' shows 
     pkcsconf: Error initializing the PKCS11 library: 0x5 (CKR_GENERAL_ERROR)
and the syslog shows:
     usr/lib/api/policy.c POLICY: Configuration file 
/etc/opencryptoki/strength.conf has wrong permissions!

# ls -l /etc/opencryptoki/strength.conf
-rw-r--r-- 1 root pkcs11 866 Feb 13 09:10 /etc/opencryptoki/strength.conf

So it has a mode of 644, but it must have a mode of 640 ! This is
checked by the code, and opencryptoki is not usable if the mode is
wrong. The owner "root:pkcs11" is correct.

Circumvention: manually change the mode to 0640. After that 'pkcsconf
-t' works.

Note: This affects all architectures where opencryptoki is supported.

** Affects: linux (Ubuntu)
     Importance: Undecided
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: New


** Tags: architecture-s39064 bugnameltc-202533 severity-medium 
targetmilestone-inin2304

** Tags added: architecture-s39064 bugnameltc-202533 severity-medium
targetmilestone-inin2304

** Changed in: ubuntu
     Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)

** Package changed: ubuntu => linux (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2018908

Title:
  [UBUNTU 23.04] opencryptoki 3.20.0: strength.conf has wrong mode

Status in linux package in Ubuntu:
  New

Bug description:
  After installing opencryptoki 3.20.0 on Ubuntu 23.04 the strength.conf
  file that is installed into /etc/opencryptoki/ has a wrong mode.

  After starting pkcsslotrd, command 'pkcsconf -t' shows 
       pkcsconf: Error initializing the PKCS11 library: 0x5 (CKR_GENERAL_ERROR)
  and the syslog shows:
       usr/lib/api/policy.c POLICY: Configuration file 
/etc/opencryptoki/strength.conf has wrong permissions!

  # ls -l /etc/opencryptoki/strength.conf
  -rw-r--r-- 1 root pkcs11 866 Feb 13 09:10 /etc/opencryptoki/strength.conf

  So it has a mode of 644, but it must have a mode of 640 ! This is
  checked by the code, and opencryptoki is not usable if the mode is
  wrong. The owner "root:pkcs11" is correct.

  Circumvention: manually change the mode to 0640. After that 'pkcsconf
  -t' works.

  Note: This affects all architectures where opencryptoki is supported.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2018908/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2018908] [NEW] [UBUNTU 23.04] opencryptoki 3.20.0: strength.conf has wrong mode

Reply via email to