Best Practices for private key files handling

Hi,

I'm working on a bug in an application where the application config is given the directory path in which to find a key-store, which it then loads.

My issue is this: a regular UNIX file is trivial to handle (make sure it's owned by "root" or the uid that the app runs at, and that it's 0600 or 0400 permissions... easy-peasy).

But what happens when the file we encounter is a symlink?  If the symlink is owned by root but the target isn't, or the target permissions aren't 0600 or 0400...  Or the target is a symlink, or there's a symlink somewhere in the target path, etc.

So... what's the Best Practices list for handling private key materials?  Has anyone fleshed this out?

The specific bug, if anyone is interested, is:

https://issues.asterisk.org/jira/browse/ASTERISK-30213

Thanks,

-Philip
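
The checks named in the post (owner is root or the application's uid, mode 0600 or 0400, symlink refused), as an added C example that is not part of the original message or of Asterisk's code; `open_private_key` is a hypothetical name. It assumes Linux/POSIX.1-2008 `open()` flags and refuses a symlink only as the final path component, so symlinks in parent directories are still followed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Asterisk code. Returns a read-only descriptor
 * for the key file, or -1 with errno set if any check fails. */
int open_private_key(const char *path, uid_t app_uid)
{
    struct stat st;
    int err;
    /* O_NOFOLLOW: ELOOP if the last path component is a symlink.
     * O_NONBLOCK: never hang on a FIFO placed at the path. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path: the object checked is the
     * object that will be read, so it cannot be swapped in between. */
    if (fstat(fd, &st) != 0)
        err = errno;
    else if (!S_ISREG(st.st_mode))
        err = EINVAL;                      /* directory, device, FIFO... */
    else if (st.st_uid != 0 && st.st_uid != app_uid)
        err = EPERM;                       /* neither root nor the app uid */
    else if ((st.st_mode & 07777) != 0600 && (st.st_mode & 07777) != 0400)
        err = EACCES;                      /* anything but 0600 or 0400 */
    else
        return fd;                         /* caller reads the key from fd */
    close(fd);
    errno = err;
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return EXIT_FAILURE;
    int fd = open_private_key(argv[1], geteuid());
    if (fd < 0) {
        perror(argv[1]);
        return EXIT_FAILURE;
    }
    printf("%s: owner and mode checks passed\n", argv[1]);
    close(fd);
    return EXIT_SUCCESS;
}
```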




