authorStefan Metzmacher <metze@samba.org>2013-10-30 14:48:36 +0100
committerKarolin Seeger <kseeger@samba.org>2013-11-08 10:54:54 +0100
commitbc067d06682b796ab7abf6a05f103e7ebe0a4cef (patch)
tree7231790356679c41a96fe2d064e43bf2e9cd7919 /selftest
parentd6988a14b4f82ff5bd6c48a61f8edd02f7b24aa6 (diff)
downloadsamba-bc067d06682b796ab7abf6a05f103e7ebe0a4cef.tar.gz
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Pair-Programmed-With: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'selftest')
-rw-r--r--selftest/target/Samba4.pm6
1 files changed, 5 insertions, 1 deletions
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 37f7102c39..8a3f51d361 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -246,7 +246,9 @@ sub mk_keyblobs($$)
my $admincertfile = "$tlsdir/admincert.pem";
my $admincertupnfile = "$tlsdir/admincertupn.pem";
- mkdir($tlsdir, 0777);
+ mkdir($tlsdir, 0700);
+ my $oldumask = umask;
+ umask 0077;
#This is specified here to avoid draining entropy on every run
open(DHFILE, ">$dhfile");
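Review bot: The new `mkdir($tlsdir, 0700);` and `umask 0077;` only govern objects that this call creates, so a `$tlsdir` or key file left behind by an earlier run keeps its old, wider mode. `mkdir` on an existing directory fails without changing its permissions, and its return value is not checked here. `open(DHFILE, ">$dhfile")` on an existing file truncates it but leaves its mode as it was. I would follow the mkdir with `chmod(0700, $tlsdir) or die "chmod $tlsdir: $!";`, and either `unlink` each private-key file before it is rewritten or `chmod 0600` it afterwards. The rest of mk_keyblobs() lies outside this hunk, so which files hold private keys has to be confirmed there.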
@@ -437,6 +439,8 @@ Zd7J9s//rNFNa7waklFkDaY56+QWTFtdvxfE+KoHaqt6X8u6pqi7p3M4wDKQox+9Dx8yWFyq
Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
-----END CERTIFICATE-----
EOF
+
+ umask $oldumask;
}
sub provision_raw_prepare($$$$$$$$$$)
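Review bot: `umask $oldumask;` is reached only when mk_keyblobs() falls through to its closing brace, so a `return` or `die` between the `umask 0077;` in the first hunk and this line would leave the whole selftest process at 0077. The body between the two hunks is not visible here, so this may not be reachable today. A comment at the restore would protect the invariant, for example `# restore the caller's umask; must stay the only exit path after umask 0077 above`. If early exits are ever added, the save and restore should move into a small scope guard or wrapper.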