git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
mkcert.sh: Use umask to create key file as 0600
author Timo Sirainen <timo.sirainen@dovecot.fi>
Mon, 21 Nov 2016 23:28:33 +0000 (01:28 +0200)
committer Timo Sirainen <timo.sirainen@dovecot.fi>
Fri, 25 Nov 2016 13:31:29 +0000 (15:31 +0200)
Fixes a race condition between creation of the file and a later chmod.
This script was mostly meant as an example though, and not really for
production use. Especially because it generates self-signed certs.
CVE-2016-4983

doc/mkcert.sh

index 2fedd481bd3d6f9623d3144e949f7b7eb020332a..f7e484cf4d4e7710f5a0fbfee20810ada8cf45f5 100644 (file)
@@ -3,6 +3,7 @@
 # Generates a self-signed certificate.
 # Edit dovecot-openssl.cnf before running this.
 
+umask 077
 OPENSSL=${OPENSSL-openssl}
 SSLDIR=${SSLDIR-/etc/ssl}
 OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
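
Review bot: the `umask 077` added at the top of the script is process-wide, so it applies to every file and directory the script creates from that point on, not only the key file named in the subject line. The rest of the script is not visible in this hunk, but the header comment says it also generates the certificate, which would now be created owner-only too; if the certificate is meant to be readable by other users, it needs an explicit chmod afterwards, or the umask should be scoped to the key-generating command in a subshell. Note also that umask only affects newly created files, so a key file that already exists with looser permissions keeps its old mode when it is overwritten. A one-line comment above `umask 077` saying it is there so the private key is never created with wider permissions would keep a later edit from removing it.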