Project

General

Profile

Actions

Bug #9219

closed

STunnel: .pem files are created with incorrect permissions.

Added by Steve Wheeler over 5 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
stunnel
Target version:
-
Start date:
12/23/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
2.4.x
Affected Plus Version:
Affected Architecture:
All

Description

After defining a new tunnel with a non-default certificate the resulting .pem file is readable by any user resulting in:

Dec 23 21:04:24     stunnel         LOG4[ui]: Insecure file permissions on /usr/local/etc/stunnel/5c1ff8399db61.pem 

The file should be readable only by root as the default .pem is:

[2.4.4-RELEASE][admin@xtm5.stevew.lan]/usr/local/etc/stunnel: ls -ls
total 24
4 -rw-------  1 root  wheel  3310 Dec 23 20:56 5c1ff65e4f65e.pem
4 drwxr-xr-x  2 root  wheel   512 Dec 23 18:22 conf.d
4 -rw-r--r--  1 root  wheel   269 Dec 23 20:56 stunnel.conf
8 -rw-r--r--  1 root  wheel  4455 Oct  3 15:08 stunnel.conf-sample
4 -rw-------  1 root  wheel  3201 Dec 23 18:22 stunnel.pem
Actions #2

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
Actions #3

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #4

Updated by Viktor Gurov over 4 years ago

  • Status changed from Feedback to Resolved

Renato Botelho wrote:

PR has been merged. Thanks!

Tested on pfSense 2.5.0.a.20191217.2217 with stunnel 5.50_3

Resolved

Actions

Also available in: Atom PDF