Assert restrictive permissions on the key database [CVE-2023-1672]

Since 11-2, the window for an attack was already pretty small; let's
close the remaining gap, and assert permissions when upgrading from an
earlier version.
Christoph Biedl 2 years ago
parent
commit
05e40c8390
1 changed file with 2 additions and 1 deletion

debian/tang-common.postinst

@@ -33,8 +33,9 @@ configure)
     fi
 
     # assert db directory
-    mkdir -p "$DB_DIR"
+    mkdir -m0750 -p "$DB_DIR"
     chown _tang:_tang "$DB_DIR"
+    # assert restrictive permissions upon upgrade
     chmod 0750 "$DB_DIR"
 
     ;;
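
Review bot: The `chmod 0750 "$DB_DIR"` under the new comment tightens only the directory itself on upgrade; nothing in this hunk looks at the mode or ownership of key files that already exist inside it, and `chown _tang:_tang "$DB_DIR"` is likewise non-recursive. With the directory at 0750 other users can no longer traverse into it, so this does close access going forward, but the comment could say that existing files are deliberately left untouched, or the script could assert their mode as well. A smaller point on the `mkdir -m0750 -p "$DB_DIR"` line: `-m` applies only to the final path component, so any parent directories that `-p` has to create get umask-derived modes, and `-m` has no effect when the directory already exists, which is why the trailing `chmod` must stay.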