opencryptoki / openssl-ibmca

OpenSSL engine and provider for libica.
Apache License 2.0

use better location for provider debug output #107

Closed sharkcz closed 11 months ago

sharkcz commented 11 months ago

Currently the provider will use /var/log/ibmca for the debug traces, but the directory needs to be world writeable (mode 0777), which has security implications, I believe. Ideally the location would be set by e.g. an environment variable (e.g. IBMCA_LOGDIR) or set in the config file and would default to e.g. /tmp if not set by the user. I am pretty sure we don't want a wide open directory on a production system.

ifranzki commented 11 months ago

Please see PR https://github.com/opencryptoki/openssl-ibmca/pull/108. Let me know if this is sufficient.
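
An added example, not part of the issue thread or the openssl-ibmca code: one way a C library could choose its trace location as the first comment suggests, reading `IBMCA_LOGDIR` (the name proposed there), defaulting to `/tmp`, refusing a world-writable directory that lacks the sticky bit, and creating the file exclusively with mode 0600. The function names and the file name pattern are assumptions, and this does not describe what PR #108 implements.

```c
#define _XOPEN_SOURCE 700 /* for S_ISVTX, O_NOFOLLOW, O_CLOEXEC */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* IBMCA_LOGDIR is the name proposed in the issue; absolute paths only. */
const char *trace_dir(void)
{
    const char *dir = getenv("IBMCA_LOGDIR");
    return (dir != NULL && dir[0] == '/') ? dir : "/tmp";
}

/* A world-writable directory is accepted only with the sticky bit set,
 * as on /tmp (mode 1777); a plain 0777 directory is rejected. */
int dir_is_safe(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return !((st.st_mode & S_IWOTH) && !(st.st_mode & S_ISVTX));
}

/* Create a per-process trace file (hypothetical name pattern). O_EXCL and
 * O_NOFOLLOW refuse a pre-planted file or symlink. Returns fd or -1. */
int open_trace(const char *dir, char *path, size_t len)
{
    if (!dir_is_safe(dir)) { errno = EPERM; return -1; }
    int n = snprintf(path, len, "%s/trace-%ld.log", dir, (long)getpid());
    if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
                0600);
}

int main(void)
{
    char path[4096];
    int fd = open_trace(trace_dir(), path, sizeof(path));
    if (fd < 0) { perror("tracing disabled"); return 1; }
    printf("tracing to %s\n", path);
    close(fd);
    return 0;
}
```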