authorStefan Metzmacher <metze@samba.org>2013-10-30 14:48:36 +0100
committerKarolin Seeger <kseeger@samba.org>2013-11-11 11:14:36 +0100
commitcf29fb2cf4727466ccbd6f0ca8d5d4cb75666d99 (patch)
tree146599919590b094174d535cf05a643ffc7d5da4 /selftest
parent83a3ae18ddb945defc3a2f1d5ca2fb743fa43724 (diff)
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Pair-Programmed-With: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'selftest')
-rw-r--r--selftest/target/Samba4.pm6
1 files changed, 5 insertions, 1 deletions
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 646ac730610..96d1657ea8f 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -258,7 +258,9 @@ sub mk_keyblobs($$)
my $admincertfile = "$tlsdir/admincert.pem";
my $admincertupnfile = "$tlsdir/admincertupn.pem";
- mkdir($tlsdir, 0777);
+ mkdir($tlsdir, 0700);
+ my $oldumask = umask;
+ umask 0077;
#This is specified here to avoid draining entropy on every run
open(DHFILE, ">$dhfile");
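Review bot: `mkdir($tlsdir, 0700)` applies the mode only when it actually creates the directory, and its return value is not checked, so a `$tlsdir` left behind by an earlier run with the old 0777 mode keeps its permissions. The same holds for the key files: `open` with `>` truncates an existing file without changing its mode, so the new umask protects only files that are created fresh. If mk_keyblobs() can run against an existing tree (the start of the function is above the hunk and not visible here), add `chmod(0700, $tlsdir) or warn "chmod $tlsdir: $!";` right after the mkdir. The function body continues past the end of this hunk.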
@@ -449,6 +451,8 @@ Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq
Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
-----END CERTIFICATE-----
EOF
+
+ umask $oldumask;
}
sub provision_raw_prepare($$$$$$$$$$)
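Review bot: `umask $oldumask;` restores the process-wide umask only on the fall-through path at the end of mk_keyblobs(). The body between the two hunks is not visible here, and any `return` or `die` in it, now or added later, would leave the rest of the selftest run at 0077. A comment next to the save in the first hunk would make the pairing explicit, for example `# umask is process-wide; it is restored on the last line of mk_keyblobs(), so every exit path must reach it`.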