Julien Cristau wrote:
> right, shipping ssl private keys in the package, that sounds like a good
> idea... not.
No, my idea was to put a blank file in the package so it had the correct
rights from the beginning, but I knew there would have been some problems
as it would have been marked conffile. F
On Mon, Mar 12, 2007 at 14:38:02 +0800, Thomas Goirand wrote:
> Julien Cristau wrote:
> > Package: dtc-xen
> > Version: 0.2.6-5
> > Severity: serious
> > Tags: security
> >
> > Hi,
> >
> > dtc-xen creates files in /etc/dtc-xen in its postinst, in particular ssl
> > private keys, and only after t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Julien Cristau wrote:
> Package: dtc-xen
> Version: 0.2.6-5
> Severity: serious
> Tags: security
>
> Hi,
>
> dtc-xen creates files in /etc/dtc-xen in its postinst, in particular ssl
> private keys, and only after that chmods them. This means that th
Package: dtc-xen
Version: 0.2.6-5
Severity: serious
Tags: security
Hi,
dtc-xen creates files in /etc/dtc-xen in its postinst, in particular ssl
private keys, and only after that chmods them. This means that there is
a race condition which makes these files readable by anyone.
Cheers,
Julien
si
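The ordering problem described in the report, as an added shell example (not dtc-xen's postinst and not code from this thread): it contrasts creating a key file and then running chmod with creating it under a restrictive umask. The function names, the umask value of 022 and the placeholder key material are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create-then-chmod versus create-with-final-mode.
# KEY_MATERIAL is a constructed placeholder, not a real key.
KEY_MATERIAL="constructed placeholder key material"

# mode_of FILE: print the octal permission bits (GNU stat, BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Pattern from the report: the file is created under the ambient umask and
# only tightened afterwards. Prints the mode the file had before chmod ran,
# i.e. what other local users could read during the window.
write_then_chmod() {
    (
        umask 022                       # assumed umask during package install
        printf '%s\n' "$KEY_MATERIAL" > "$1"
        mode_of "$1"
        chmod 600 "$1"
    )
}

# Hardened variant: the secret is written to a temporary file that is 0600
# from the moment it exists, then renamed into place. The rename also
# replaces a pre-existing file that had looser permissions.
# Prints the mode the file had when the secret was written.
write_private() {
    (
        umask 077
        tmp=$(mktemp "$1.XXXXXX") || exit 1
        printf '%s\n' "$KEY_MATERIAL" > "$tmp"
        mode_of "$tmp"
        mv -f "$tmp" "$1"
    )
}
```

Both functions leave the file at mode 600; the difference is the mode at the moment the secret is written, which is what each function prints.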