doh debug: create OPENSSLKEYLOGFILE accessible only by process owner
authorPetr Špaček <petr.spacek@nic.cz>
Tue, 22 Oct 2019 11:26:39 +0000 (13:26 +0200)
committerTomas Krizek <tomas.krizek@nic.cz>
Wed, 20 Nov 2019 12:17:38 +0000 (13:17 +0100)
modules/http/debug_opensslkeylog.c

index 5e97e2f7af3a1537ab1f8008ea059810c63707d6..31fb6862205cfcf23145ba5fd4f2d46f3d440e44 100644 (file)
@@ -110,7 +110,7 @@ static void init_keylog_file(void)
     const char *filename = getenv("OPENSSLKEYLOGFILE");
     if (filename) {
        /* ctime output is max 26 bytes, POSIX 1003.1-2017 */
-       keylog_file_fd = open(filename, O_WRONLY | O_APPEND | O_CREAT, 0644);
+       keylog_file_fd = open(filename, O_WRONLY | O_APPEND | O_CREAT, 0600);
         if (keylog_file_fd >= 0 && lseek(keylog_file_fd, 0, SEEK_END) == 0) {
             time_t timenow = time(NULL);
             char txtnow[30] = { '#', ' ', 0 };
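Review bot: The 0600 mode passed to `open()` only applies when O_CREAT actually creates the file. A key log left behind by an earlier run with 0644 is reopened and appended to with its group/other read bits intact, so the TLS secrets written to it stay readable by other local users. After a successful open, tighten the descriptor itself with `fchmod(keylog_file_fd, S_IRUSR | S_IWUSR);` and treat a failure there like a failed open, or `fstat()` the descriptor and refuse a file that is not owned by the process or still has group/other bits set. Because the path comes from the environment, adding `O_NOFOLLOW | O_CLOEXEC` to the flags is also worth considering, so that the log is not written through a symlink and the descriptor is not inherited by child processes. The body of init_keylog_file starts and ends outside this hunk, so a later permission check may exist that is not visible here.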