Package: asterisk / 1:13.14.1~dfsg-2+deb9u4

astgenkey-security Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Description: astgenkey should generate a private key that is not world-readable
 Upstream has not accepted this patch and chose intead to document this
 as a known minor issue.
Author: Lionel Elie Mamane <lionel@mamane.lu>
Bug: http://issues.asterisk.org/view.php?id=12373
Last-Update: 2016-03-19

--- a/contrib/scripts/astgenkey
+++ b/contrib/scripts/astgenkey
@@ -47,7 +47,11 @@
 rm -f ${KEY}.key ${KEY}.pub
 
 echo "Generating SSL key '$KEY': "
+oldumask="`umask`"
+umask 0077
 openssl genrsa -out ${KEY}.key ${DES3} 1024
+[ "$(id -u)" = 0 ] && chown asterisk: ${KEY}.key
+umask $oldumask
 openssl rsa -in ${KEY}.key -pubout -out ${KEY}.pub
 
 if [ -f "${KEY}.key" ] && [ -f "${KEY}.pub" ]; then