Re: Best Practices for private key files handling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 9/15/2022 3:15 PM, Shawn Heisey via openssl-users wrote:
If symlinks are used responsibly, they won't have security risks. In general, if the program checks the ownership and permissions of the actual file before using it, it shouldn't matter whether there is a symlink or not.
As long as by "before using it" you mean after opening it and checking via fstat(). Otherwise you have a race between your check and open().
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux