nss_ldap's tls_key file permission
lfarkas at bppiac.hu
Tue May 10 13:30:32 UTC 2005
if we'd like to use nss_ldap with tls certificzte files than we have to
use a least 644 permission even on the key file. it's not a good
security concern. it's better than without tls, but local user still too
powerful in this case:-( is there any way to prevent this? i mean to be
able to change the file permission to root:root 640 and use nss_ldap
too? usualy in this case a small portion of the progam run as setuid
root, but of course in this case it can't help since it's a library and
the whole nss philosophy are different from this. what can i do? or
currently there is no solution for this?
thanks in advance.
Levente "Si vis pacem para bellum!"
More information about the fedora-selinux-list