On 05/02/15 02:12 PM, Marcel Kleinfeller wrote: > Hello! > > When I'm doing "cd /etc/ssl/certs/ && ls -al" I see something like this: > > [...] > lrwxrwxrwx 1 root root 102 21. Dez 17:56 > Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem -> > ../../ca-certificates/extracted/cadir/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem > > [...] > > All certificates are publicly writable. > > I never set chmod to 777 on this directory and I see a great security > lack here. > Any program could inject its own certificate there, you should know this > isn't good ;) > > Tell me whether this is just an issue on my own system or a general issue. > > Marcel Kleinfeller <marcel@xxxxxxxx> It's not an issue. It's a symlink. The permissions on the directory and the target are what matters.
Attachment:
signature.asc
Description: OpenPGP digital signature
