INN commit: trunk/nnrpd (tls.c)

INN Commit rra at isc.org
Thu Nov 3 02:28:22 UTC 2016


    Date: Wednesday, November 2, 2016 @ 19:28:21
  Author: eagle
Revision: 10089

Relax permission checks in nnrpd for TLS private key

Second-guessing whether we can read the file can get us in trouble
if file system ACLs are in use, and requiring the group match the
group of nnrpd makes it harder than necessary to set up automatic
certificate renewal via something like Let's Encrypt.  Relax the
permission checks to just check that the private key isn't
world-readable and that we can read it.

Modified:
  trunk/nnrpd/tls.c

-------+
 tls.c |   14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

Modified: tls.c
===================================================================
--- tls.c	2016-10-18 20:49:00 UTC (rev 10088)
+++ tls.c	2016-11-03 02:28:21 UTC (rev 10089)
@@ -391,15 +391,13 @@
 	    return (0);
 	}
 
-        /* Check that the key file is a real file, not readable by
-         * everyone.  If the mode is 440 or 640, make sure the group owner
-         * is the news group (to prevent the failure case of having news:users
-         * as the owner and group. */
-	if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0137) != 0
-            || ((buf.st_mode & 0040) != 0 && buf.st_gid != getegid())) {
+        /* Check that the key file is a real file, isn't world-readable, and
+         * that we can read it. */
+	if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0007) != 0
+            || access(key_file, R_OK) < 0) {
 	    syslog(L_ERROR, "bad ownership or permissions on private key"
-                   " '%s':  private key must be mode 640 at most, and readable"
-                   " by the news group only", key_file);
+                   " '%s': private key must be a regular file, readable by"
+                   " nnrpd, and not world-readable", key_file);
 	    return (0);
 	}
 
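Review bot: the new mask 0007 in the buf.st_mode test no longer rejects a group-writable key, which the old 0137 did through its 0020 bit, so a key left at mode 0660 now passes and any member of its group can replace it. Masking with 0027 would still permit group read for the renewal use case while refusing group write. Separately, access(key_file, R_OK) is evaluated against the real UID and GID, whereas the removed test compared against getegid(); if nnrpd can run with differing real and effective IDs, the answer may not match what the later key load sees, so consider faccessat() with AT_EACCESS or relying on the load failure itself. The log text still opens with "bad ownership" although ownership is no longer checked, and logging strerror(errno) when access() fails would tell the admin which condition was hit.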


