private keys shouldn't be world-readable #82

EvilBit · 2021-07-14T21:21:48Z

All key material, including private keys, are created world-readable (0644 here) at the moment.

Exposing this secret key material to unprivileged users and processes poses a security vulnerability.

The text was updated successfully, but these errors were encountered:

EvilBit · 2021-07-14T21:36:11Z

Oh, and by the way, thanks a lot for this great tool - finally a workable secure boot management tool :)

Foxboron · 2021-07-15T13:48:40Z

Yolo, copy-pasted code. Thanks :)

ericonr · 2021-07-15T14:10:10Z

Interesting, my keys are 600... I wonder when the regression happened.

EvilBit · 2021-07-15T21:59:14Z

Interesting, my keys are 600... I wonder when the regression happened.

I just traversed backwards through git blame and the permissions in SaveKey were 0644 since the initial commit.

But here the initial creation of the files was removed from CreateKey (which set 0600) and relied now on the erroneous permissions in SaveKey.

EvilBit · 2021-07-15T22:04:24Z

Maybe the code should even check for too permissive file permissions and refuse signing in this case. Like OpenSSH enforces it for private keys.

ericonr · 2021-07-16T00:57:22Z

I think that's reasonable, but please with better error messages :p

Foxboron · 2021-07-16T13:14:33Z

We can just do an var ErrInvalidPrivKeyPerms = errors.new("...something") and match it in main.go to give something human readable error back.

Foxboron · 2021-07-22T19:13:26Z

Fixed with ea325ca

EvilBit mentioned this issue Jul 14, 2021

fix: restrict key file permissions #83

Merged

Foxboron closed this as completed Jul 22, 2021

Provide feedback