static ssl keyfile in image! #9

Closed
daald opened this issue Oct 28, 2020 · 4 comments

Comments

@daald

daald commented Oct 28, 2020

Expected Behavior

After starting a new linuxserver/rdesktop container, it should generate new ssl keys for secure communication and optimally store them somewhere in a configuration volume.

Current Behavior

This is what I find after starting:

# ls /etc/xrdp/*.pem -l
lrwxrwxrwx 1 root root 36 Oct 22 17:50 /etc/xrdp/cert.pem -> /etc/ssl/certs/ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root 38 Oct 22 17:50 /etc/xrdp/key.pem -> /etc/ssl/private/ssl-cert-snakeoil.key
# ls -l /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key
-rw-r--r-- 1 root root     1062 Oct 22 17:50 /etc/ssl/certs/ssl-cert-snakeoil.pem
-rw-r----- 1 root ssl-cert 1704 Oct 22 17:50 /etc/ssl/private/ssl-cert-snakeoil.key

Oct 22 is the date when the image 35a5ec81a4d3 was built. The date when I started the container was Oct 29. The key is hardcoded inside the image, public for everyone who is able to record my/your internet traffic.

This is a security issue.

Steps to Reproduce

  1. start the container: docker run -d -n rdesktop -e PUID=1000 -e PGID=1000 -e TZ=Europe/London -p 3389:3389 linuxserver/rdesktop
  2. enter the container, using rdp session or docker exec -ti rdesktop bash -i
  3. run the above ls commands

Environment

OS: Linux
CPU architecture: x86_64
How docker service was installed:
default package from ubuntu focal-updates/universe repo

Command used to create docker container (run/create/compose/screenshot)

see above

Docker logs

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing... 

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 12-prep_xrdp: executing... 
[cont-init.d] 12-prep_xrdp: exited 0.
[cont-init.d] 30-config: executing... 
[cont-init.d] 30-config: exited 0.
[cont-init.d] 99-custom-scripts: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
@project-bot project-bot bot added this to To do in Issue & PR Tracker Oct 28, 2020
@github-actions

Thanks for opening your first issue here! Be sure to follow the issue template!

@github-actions

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@thelamer
Member

Gonna overhaul the baseimages with some stuff, I'll do key generation on boot with an init script. Did not realize RDP used these keys.
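An init-style script of the kind this comment describes, added here as an example and not linuxserver.io's own code: it treats any key that does not live inside the persistent config volume as image-baked (which catches the ssl-cert-snakeoil symlinks from the report) and generates a fresh key pair into the volume on first start. The /config and /etc/xrdp paths, the function names and the certificate subject are assumptions.

```shell
#!/bin/sh
# Added example, not linuxserver.io code. Runs at container start (cont-init.d style).
# Assumed paths: persistent volume at /config, xrdp reads /etc/xrdp/{key,cert}.pem.
set -eu

# Return 0 (true) when the key xrdp will use was NOT generated for this
# deployment: it is missing, or it resolves anywhere outside the persistent
# volume (e.g. to the image-shipped /etc/ssl/private/ssl-cert-snakeoil.key).
key_not_from_volume() {
    key="$1"
    config=$(readlink -f "$2" 2>/dev/null || printf '%s' "$2")
    [ -e "$key" ] || return 0
    case "$(readlink -f "$key")" in
        "$config"/*) return 1 ;;    # lives in the volume: generated, not shipped
    esac
    return 0                        # anything else came from an image layer
}

# Generate a 2048-bit RSA key and a 10-year self-signed cert into the volume
# on first start only, then point xrdp's fixed paths at them. Re-running is
# idempotent, so the key survives container recreation but differs per host.
ensure_fresh_keys() {
    config="$1"; xrdp="$2"
    mkdir -p "$config/ssl" "$xrdp"
    if [ ! -s "$config/ssl/key.pem" ] || [ ! -s "$config/ssl/cert.pem" ]; then
        # umask in a subshell: the private key is created mode 0600
        (umask 077 && openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
            -subj "/CN=rdesktop" -keyout "$config/ssl/key.pem" \
            -out "$config/ssl/cert.pem" 2>/dev/null)
        chmod 644 "$config/ssl/cert.pem"   # the certificate is public
    fi
    # Replace the image's snakeoil symlinks with links into the volume.
    ln -sfn "$config/ssl/key.pem" "$xrdp/key.pem"
    ln -sfn "$config/ssl/cert.pem" "$xrdp/cert.pem"
}

# Entry point when invoked as an init script; the check makes a silently
# failed generation fatal instead of letting xrdp fall back to shipped keys.
if [ "${1:-}" = "--run" ]; then
    ensure_fresh_keys /config /etc/xrdp
    if key_not_from_volume /etc/xrdp/key.pem /config; then
        echo "xrdp private key is not volume-backed, refusing to start" >&2
        exit 1
    fi
fi
```

Ownership of the generated key must still match the user xrdp runs as (PUID in these images), which the example leaves to the caller.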

@thelamer
Member

thelamer commented May 6, 2021

Keys are now generated on container spinup.

@thelamer thelamer closed this as completed May 6, 2021
Issue & PR Tracker automation moved this from To do to Done May 6, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 1, 2023