TLS certificate permission checks

Russ Allbery eagle at eyrie.org
Thu Oct 27 23:06:22 UTC 2016


In another group I read, someone was setting up a TLS certificate for use
with nnrpd using Let's Encrypt, and they ran into a ton of trouble because
of the very tight permission checks in nnrpd before it's willing to use
the certificate.  (The root problem was that the key was rejected because
it was owned by a different group than news, even though it otherwise had
the correct permissions.)

I think we may be a bit too aggressive about this.  We're trying to
protect people against mistakes that could leak the key to other users on
the same host, but it's increasingly uncommon for a news server to run on
the same box as untrusted people, so I'm not sure how much this matters.
And it causes some friction when people are setting up automatic
certificate renewal.

What would folks think about replacing the current checks in nnrpd/tls.c
with just:

    !S_ISREG(buf.st_mode) || (buf.st_mode & 0007) != 0

which just makes sure that it's a regular file and not world-readable?

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
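
The relaxed check proposed above, written out as an added example (this is not nnrpd's code from tls.c, and the function names, the open()+fstat() structure and the temporary-file helper are my own). It shows that a key owned by a group other than news but with mode 0640 now passes, that any "other" bit (read, write or execute, since the mask is 0007) still fails, and that a directory or other non-regular file fails. It also applies the test to the descriptor that will actually be read rather than to a separate stat() of the path, so there is no window between the check and the open.

```c
/* Added example, not nnrpd's own code: the key-file check proposed above,
 * applied through open()+fstat() so the descriptor that is checked is the
 * one that is used. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The proposed test: a regular file with no permission bits for "other".
 * The 0007 mask rejects world-read, -write and -execute alike.  Owner and
 * group bits are deliberately ignored, so a key owned by a different group
 * with mode 0640 is accepted.  Returns 1 if acceptable, 0 otherwise. */
int key_mode_acceptable(mode_t mode)
{
    return S_ISREG(mode) && (mode & 0007) == 0;
}

/* Open the key and check the mode of the descriptor actually obtained.
 * Returns the open descriptor on success; on failure returns -1 and leaves
 * a human-readable reason in err. */
int open_key_checked(const char *path, char *err, size_t errlen)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) {
        snprintf(err, errlen, "cannot open %s: %s", path, strerror(errno));
        return -1;
    }
    if (fstat(fd, &st) < 0) {
        snprintf(err, errlen, "cannot fstat %s: %s", path, strerror(errno));
        close(fd);
        return -1;
    }
    if (!key_mode_acceptable(st.st_mode)) {
        snprintf(err, errlen,
                 "%s: must be a regular file with no world permissions (mode is %04o)",
                 path, (unsigned) (st.st_mode & 07777));
        close(fd);
        return -1;
    }
    return fd;
}

/* Demonstration helper (hypothetical, for this example only): create an
 * empty temporary file with the given permission bits, run the check on it,
 * remove it, and report 1 if accepted, 0 if rejected, -1 if setup failed. */
int check_tmp_key_with_mode(mode_t perms)
{
    char path[] = "/tmp/keycheck-XXXXXX";   /* constructed sample key path */
    char err[256];
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (fchmod(fd, perms) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    int kfd = open_key_checked(path, err, sizeof err);
    unlink(path);
    if (kfd < 0)
        return 0;
    close(kfd);
    return 1;
}

int main(void)
{
    /* 0640 is the Let's Encrypt-style case (group-readable, other group);
     * 0644 and 0604 expose the key to the world and must still fail. */
    const mode_t cases[] = { 0600, 0640, 0644, 0660, 0604 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("mode %04o: %s\n", (unsigned) cases[i],
               check_tmp_key_with_mode(cases[i]) == 1 ? "accepted" : "rejected");
    return 0;
}
```

Because the check is made on the opened descriptor, a renewal job that swaps the key file between the check and the read cannot slip a differently-permissioned file past it; the path itself is still followed through symlinks, which matters for the usual live/ -> archive/ layout of ACME clients.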


More information about the inn-workers mailing list