#751 Certificates directory is world-readable

Reporter Link Mauve
Owner Nobody
Created
Updated
Stars ★ (1)  
Tags
  • Status-New
  • Priority-Medium
  • Type-Defect
  • Security
  1. Link Mauve on

    What steps will reproduce the problem? 1. Install Prosody 2. ls -ld /etc/prosody/certs What is the expected output? What do you see instead? The directory containing certificates should be readable only by root and prosody, and writable only by root. Instead it is world-readable. What version of the product are you using? On what operating system? 0.9.10, on ArchLinux. Please provide any additional information below. Downstream bug: https://bugs.archlinux.org/task/50933

  2. Zash on

    Certificates are not secrets. The important thing is that the private keys are kept non-world-readable. And already public in that other bug tracker, no point in hiding it here.

    Changes
    • tags Hidden Priority-Medium

New comment