Your message dated Tue, 26 Jul 2016 21:34:21 +0200 with message-id <[email protected]> and subject line Re: openssl genrsa creates private key file with insecure permissions has caused the Debian Bug report #702998, regarding openssl genrsa creates private key file with insecure permissions to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
702998: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702998
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---
Package: openssl
Version: 1.0.1e-1
Severity: normal
Tags: security

When I want openssl to create a private key for me, it creates the key file
with read access to the world. I don't think that is desired behavior.
Instead I would expect the file to be read (and write) only for the owner of the file.

paul@wollumbin ~/tmp $ openssl genrsa -out test-private.key 2048
Generating RSA private key, 2048 bit long modulus
.................+++
.............................................................................................+++
e is 65537 (0x10001)
paul@wollumbin ~/tmp $ ll test-private.key
-rw-r--r-- 1 paul paul 1679 mrt 13 22:48 test-private.key

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.13-38
ii  libssl1.0.0  1.0.1e-1
ii  zlib1g       1:1.2.7.dfsg-13

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130119

-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.1.0~pre5-1

On 2013-03-13 22:51:09 [+0100], Paul Gevers wrote:
> When I want openssl to create a private key for me, it creates the key file
> with read access to the world. I don't think that is desired behavior.

Fixed as per 3b061a00e39d ("RT2547: Tighten perms on generated privkey files").

Sebastian
--- End Message ---
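
For hosts still running an openssl version from before the fix named above, the following added example (not part of the bug thread and not OpenSSL or Debian code) shows a defensive workaround and an audit check. The function names with_private_umask and audit_key_perms are hypothetical; the audit assumes PEM-encoded keys and POSIX find and grep.

```shell
#!/bin/sh
# Added example: mitigate and detect world-readable private key files,
# the condition described in the report (mode -rw-r--r-- on the key).

# Run a command under umask 077 so any file it creates is at most 0600,
# whatever mode the program itself requests. The subshell keeps the
# caller's own umask unchanged.
# Usage with the command from the report:
#   with_private_umask openssl genrsa -out test-private.key 2048
with_private_umask() {
    ( umask 077 && "$@" )
}

# List PEM private key files under directory $1 that grant any permission
# to group or other. Returns 1 if at least one is found, 0 if none.
# "-perm -NNN" matches when all the given bits are set; the alternatives
# below together cover every group/other bit.
audit_key_perms() {
    hits=$(find "$1" -type f \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec grep -l -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' {} +) || true
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}
```

A key that was already written with loose permissions must still be fixed with chmod 600; the umask wrapper only affects files created while it is in effect.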

