BIND 10 #870: private files not private
BIND 10 Development
do-not-reply at isc.org
Wed Apr 27 13:37:02 UTC 2011
#870: private files not private
-------------------------------------+-------------------------------------
Reporter: jreed                      | Owner:
Type: defect                         | Status: new
Priority: major                      | Milestone: New Tasks
Component: Unclassified              | Keywords:
Sensitive: 1                         | Defect Severity: Very High
Sub-Project: DNS                     | Feature Depending on Ticket:
Estimated Difficulty: 0              | Add Hours to Ticket: 0
Total Hours: 0                       | Internal?: 0
-------------------------------------+-------------------------------------
{{{
-rw-r--r-- 1 root wheel 887 Mar 22 08:24 cmdctl-keyfile.pem
-rw-r--r-- 1 root wheel 1285 Mar 22 08:24 cmdctl-certfile.pem
-rw-r--r-- 1 root wheel 115 Mar 22 08:24 cmdctl-accounts.csv
}}}
The "Private" key is not private. I know the default is public and is in
the source, but we should still have permissions correct.
The hashed password is not private. This also is the default.
Maybe in addition to fixing the installation targets, we should have the
cmdctl daemon abort if they are other-readable and maybe even if they are
group-readable or other-writable.
I marked this as "sensitive" and "Very High" defect severity for a test.
We can practice using this ticket as a security issue.
--
Ticket URL: <http://bind10.isc.org/ticket/870>
BIND 10 Development <http://bind10.isc.org>
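
The startup check proposed in the ticket, sketched as an added example; this is not BIND 10's own code. The names `UNSAFE_BITS`, `unsafe_modes` and `open_private` are hypothetical, and the policy (reject other-readable, other-writable and group-readable files, and refuse symlinks) is an assumption based on the ticket's wording.

```python
import os
import stat

# Mode bits the ticket proposes treating as fatal, with labels for the error.
UNSAFE_BITS = (
    (stat.S_IROTH, "other-readable"),
    (stat.S_IWOTH, "other-writable"),
    (stat.S_IRGRP, "group-readable"),
)


def unsafe_modes(mode):
    """Return a label for every unsafe permission bit set in `mode`."""
    return [label for bit, label in UNSAFE_BITS if mode & bit]


def open_private(path):
    """Open `path` for reading, refusing files with unsafe permissions.

    The check runs fstat() on the already-open descriptor, so the file that
    was checked is the file that gets read (no check-then-open race).
    O_NOFOLLOW refuses symlinks, a policy choice of this example.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        mode = os.fstat(fd).st_mode
        problems = unsafe_modes(mode)
        if problems:
            raise PermissionError(
                f"{path}: mode {stat.S_IMODE(mode):04o} is "
                + ", ".join(problems))
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "rb")


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a throwaway file with the 0644 mode from the listing.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "cmdctl-keyfile.pem")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)
        try:
            open_private(key)
        except PermissionError as e:
            print("refusing to start:", e)
```

The check applies to the key file and the accounts file; the certificate is public data and does not need it.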