[asterisk-bugs] [Asterisk 0012373]: astgenkey creates world-readable private keys

noreply at bugs.digium.com noreply at bugs.digium.com
Sun Apr 6 10:01:59 CDT 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12373 
====================================================================== 
Reported By:                lmamane
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12373
Category:                   Utilities/General
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.19 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             04-06-2008 07:25 CDT
Last Modified:              04-06-2008 10:01 CDT
====================================================================== 
Summary:                    astgenkey creates world-readable private keys
Description: 
The shipped astgenkey creates the private key world-readable, even in "-n"
(unencrypted private key) mode. Here's the patch to generate it 0600 that I
added to Debian.
====================================================================== 

---------------------------------------------------------------------- 
 Corydon76 - 04-06-08 10:01  
---------------------------------------------------------------------- 
Actually, it's following the Asterisk standard, which is to let the system
administrator decide what permissions should be set via the umask.  All
files in Asterisk follow the umask.  A system administrator may decide to
make voicemail files, for example, world-accessible, and that's fine; it is
properly the individual system administrator's decision. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
04-06-08 10:01  Corydon76      Note Added: 0085048                          
======================================================================

More information about the asterisk-bugs mailing list