What steps will reproduce the problem?
1. Install Prosody
2. ls -ld /etc/prosody/certs
What is the expected output? What do you see instead?
The directory containing certificates should be readable only by root and prosody, and writable only by root. Instead it is world-readable.
What version of the product are you using? On what operating system?
0.9.10, on Arch Linux.
Please provide any additional information below.
Downstream bug: https://bugs.archlinux.org/task/50933
Zash:
Certificates are not secrets. The important thing is that the private keys are kept non-world-readable.
And already public in that other bug tracker, no point in hiding it here.
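Added example, not part of the original thread or of Prosody's own code: a POSIX shell check for the distinction drawn above, which ignores certificates and flags only files that contain a PEM private key and are readable by "other". The function name `audit_keys` and the demo file names are assumptions made for illustration; the demo files are constructed placeholders, not real key material.

```shell
#!/bin/sh
# audit_keys DIR
# Prints every regular file directly under DIR that holds a PEM private key
# and has the "other" read bit set. Returns 1 if any such file is found,
# 0 otherwise. Certificates are public and are deliberately not reported.
audit_keys() {
    dir=$1
    status=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Identify keys by content, not by file extension. The pattern covers
        # "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY" and
        # "ENCRYPTED PRIVATE KEY" PEM headers.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue
        # -perm -004 matches when the other-read bit is set; -prune keeps
        # find from descending, so only "$f" itself is tested.
        if [ -n "$(find "$f" -prune -perm -004 2>/dev/null)" ]; then
            echo "world-readable private key: $f"
            status=1
        fi
    done
    return $status
}

# Constructed demo: placeholder files in a temporary directory.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' > "$demo/example.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'placeholder' > "$demo/example.key"
chmod 644 "$demo/example.crt" "$demo/example.key"
# Only example.key is reported; the world-readable certificate is not.
audit_keys "$demo" || echo "tighten the mode of the key files listed above"
rm -rf "$demo"
```

On a real host the call would be `audit_keys /etc/prosody/certs`, run as a user that can read the key files.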