[Bug 261330] certctl rehash obeys (when it should not?) changed umask

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 19 Jan 2022 11:00:00 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261330

            Bug ID: 261330
           Summary: certctl rehash obeys (when it should not?) changed
                    umask
           Product: Base System
           Version: 13.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: martin@waschbuesch.de

When changing umask for root to 027 in /etc/login.conf, certctl rehash will
update the symlinks, for instance in /etc/ssl/blacklisted/, accordingly.

freebsd-update IDS will report this as a deviation and I assume information on
blacklisted certificates should really be available to non-root users.

-- 
You are receiving this mail because:
You are the assignee for the bug.