nss_ldap's tls_key file permission

Farkas Levente lfarkas at bppiac.hu
Tue May 10 13:30:32 UTC 2005

if we'd like to use nss_ldap with tls certificate files then we have to
use at least 644 permission even on the key file. it's not a good
security concern. it's better than without tls, but a local user is still too
powerful in this case:-( is there any way to prevent this? i mean to be
able to change the file permission to root:root 640 and use nss_ldap
too? usually in this case a small portion of the program runs as setuid
root, but of course in this case it can't help since it's a library and
the whole nss philosophy is different from this. what can i do? or
currently there is no solution for this?
thanks in advance.

   Levente                               "Si vis pacem para bellum!"

