Security fix: Avoid making certificate key world-readable on renewal.

bigbluebutton / bbb-install

BASH script to install BigBlueButton in 30 minutes.

GNU Lesser General Public License v3.0

615 stars 538 forks source link

Security fix: Avoid making certificate key world-readable on renewal. #688

Closed datenritter closed 11 months ago

datenritter commented 1 year ago

certbundle.new should be created and protected with chmod before the secret key is copied into it. Otherwise, though temporarily, the key becomes world readable and might be read by a local user monitoring the folder.

datenritter commented 1 year ago

Should go into 3.0 as well.