Actions
Bug #9219
closed
STunnel: .pem files are created with incorrect permissions.
Start date:
12/23/2018
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Affected Version:
2.4.x
Affected Plus Version:
Affected Architecture:
All
Description
After defining a new tunnel with a non-default certificate the resulting .pem file is readable by any user resulting in:
Dec 23 21:04:24 stunnel LOG4[ui]: Insecure file permissions on /usr/local/etc/stunnel/5c1ff8399db61.pem
The file should be readable only by root as the default .pem is:
[2.4.4-RELEASE][admin@xtm5.stevew.lan]/usr/local/etc/stunnel: ls -ls total 24 4 -rw------- 1 root wheel 3310 Dec 23 20:56 5c1ff65e4f65e.pem 4 drwxr-xr-x 2 root wheel 512 Dec 23 18:22 conf.d 4 -rw-r--r-- 1 root wheel 269 Dec 23 20:56 stunnel.conf 8 -rw-r--r-- 1 root wheel 4455 Oct 3 15:08 stunnel.conf-sample 4 -rw------- 1 root wheel 3201 Dec 23 18:22 stunnel.pem
Updated by Viktor Gurov over 5 years ago
Updated by Jim Pingle over 5 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho over 5 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Viktor Gurov over 5 years ago
- Status changed from Feedback to Resolved
Renato Botelho wrote:
PR has been merged. Thanks!
Tested on pfSense 2.5.0.a.20191217.2217 with stunnel 5.50_3
Resolved
Actions