Bug 6559 – grid-change-passphrase umask

Bug 6559 - grid-change-passphrase umask

Summary:

grid-change-passphrase umask

Status:	RESOLVED FIXED

Product:	GSI C
Component:	Credentials and Proxies
Version:	4.2.1
Platform:	All All

Importance:	P3 normal
Target Milestone:	4.2.2
Assigned To:	Joe Bester

URL:
Keywords:	4.0.x

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2008-12-01 11:21 by Joe Bester
Modified:	2008-12-01 15:13 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Joe Bester 2008-12-01 11:21:15

The grid-change-passphrase script doesn't set umask prior to running the
openssl command to create a new key file. In the time between that file's
creation and the new passphrase being entered twice, another use could open
that file for reading to get a peek at the (encrypted) private key.

------- Comment #1 From Joe Bester 2008-12-01 11:42:55 -------

Fix committed to 4.0 branch, 4.2 branch, and trunk