Project

General

Profile

Bug #9219

STunnel: .pem files are created with incorrect permissions.

Added by Steve Wheeler 11 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
stunnel
Target version:
-
Start date:
12/23/2018
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4.x
Affected Architecture:
All

Description

After defining a new tunnel with a non-default certificate the resulting .pem file is readable by any user resulting in:

Dec 23 21:04:24     stunnel         LOG4[ui]: Insecure file permissions on /usr/local/etc/stunnel/5c1ff8399db61.pem 

The file should be readable only by root as the default .pem is:

[2.4.4-RELEASE][admin@xtm5.stevew.lan]/usr/local/etc/stunnel: ls -ls
total 24
4 -rw-------  1 root  wheel  3310 Dec 23 20:56 5c1ff65e4f65e.pem
4 drwxr-xr-x  2 root  wheel   512 Dec 23 18:22 conf.d
4 -rw-r--r--  1 root  wheel   269 Dec 23 20:56 stunnel.conf
8 -rw-r--r--  1 root  wheel  4455 Oct  3 15:08 stunnel.conf-sample
4 -rw-------  1 root  wheel  3201 Dec 23 18:22 stunnel.pem

Also available in: Atom PDF