Package: asterisk / 1:1.6.2.9-2+squeeze12

astgenkey-security
Subject: astgenkey should generate a private key that is not world-readable
Author: Lionel Elie Mamane <lionel@mamane.lu>
Bug: http://issues.asterisk.org/view.php?id=12373
Last-Update: 2009-12-19

Upstream has not accepted this patch and chose instead to document this
as a known minor issue.

--- a/contrib/scripts/astgenkey
+++ b/contrib/scripts/astgenkey
@@ -47,7 +47,11 @@ done
 rm -f ${KEY}.key ${KEY}.pub
 
 echo "Generating SSL key '$KEY': "
+oldumask="`umask`"
+umask 0077
 openssl genrsa -out ${KEY}.key ${DES3} 1024
+[ "$(id -u)" = 0 ] && chown asterisk: ${KEY}.key
+umask $oldumask
 openssl rsa -in ${KEY}.key -pubout -out ${KEY}.pub
 
 if [ -f "${KEY}.key" ] && [ -f "${KEY}.pub" ]; then
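Review bot: The added `chown asterisk: ${KEY}.key` line hard-codes the `asterisk` account and nothing in the hunk checks its result, so a root run on a host without that user, or after a failed `openssl genrsa`, leaves a root-owned key (or no key) with only a chown error on stderr to show for it. Consider testing that the key file exists before the chown and reporting a failed ownership change explicitly, since a 0600 root-owned key is unreadable to the daemon. `${KEY}` is unquoted in the new line, matching the surrounding script, but `"${KEY}.key"` would be safer for names with spaces. The umask save and restore could also be reduced to a subshell, `( umask 0077; openssl genrsa ... )`, which cannot leave the tighter umask in place if the script is interrupted between the two added umask lines.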