[asterisk-bugs] [Asterisk 0012373]: astgenkey creates world-readable private keys
noreply at bugs.digium.com
noreply at bugs.digium.com
Sun Apr 6 10:09:33 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=12373
======================================================================
Reported By: lmamane
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 12373
Category: Utilities/General
Reproducibility: always
Severity: minor
Priority: normal
Status: new
Asterisk Version: 1.4.19
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 04-06-2008 07:25 CDT
Last Modified: 04-06-2008 10:09 CDT
======================================================================
Summary: astgenkey creates world-readable private keys
Description:
The shipped astgenkey creates the private key world-readable, even in "-n"
(unencrypted private key) mode. Here's the patch to generate it 0600 that I
added to Debian.
======================================================================
----------------------------------------------------------------------
mvanbaak - 04-06-08 10:09
----------------------------------------------------------------------
You are chowning the file to 'asterisk:asterisk' when the script is run by
root.
I dont think this should be the default. It's fine for the Debian package
because that will run asterisk as user asterisk, but it's not the default
for the asterisk source package.
Issue History
Date Modified Username Field Change
======================================================================
04-06-08 10:09 mvanbaak Note Added: 0085051
======================================================================
More information about the asterisk-bugs
mailing list