[blfs-support] CA certificates

Pierre Labastie pierre.labastie at neuf.fr
Sun Mar 22 13:02:55 PDT 2015


On 22/03/2015 20:38, Paul Rogers wrote:
>>
>> Normally yes, but there is no reason a regular user can't look at
>> them. The only restrictions should be for install/remove in the system
>> locations.
> 
> Does a user need world-executable access to these scripts to look?
> 
> "First create a script to reformat a certificate into a form needed
> by openssl."
> 
> "The following script creates the certificates and a bundle of all the
> certificates. It creates a ./certs directory and ./BLFS-ca-bundle-
> ${VERSION}.crt."
> 
> "Add a short script to remove expired certificates from a directory."
> 
> It doesn't sound like it to me?  It appears a user might make her/his
> own certificate bundle with the second script, but are those like
> private key-rings?  I'm under the impression from Wikipedia that there
> are only a handful of trustworthy authorities, the one we're installing
> certificates of.  If I let a user install a bogus certificate from an
> untrustworthy "authority", am I not inviting attacks on the system?  So
> I ask again, is there something I lose if I put them in /usr/sbin and
> only owner/root executable?
> 

I do not understand why it is a problem if a user plays with certificates.
What should be protected is the location where _trusted_ certificates are
sought by executables which need secure identification (web browsers, gnupg,
etc). Furthermore, since those are shell scripts, you have to hide them
completely (700), otherwise they can be copied to any directory and run from
there. Even if you do that, the user can still grab a copy of the book and
copy them from there... Anyhow, those ./certs and ./BLFS-ca-... files are of
no use if not placed in the right place: /etc/ssl. This is _the_ place to hide...

Pierre
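
An added example, not from this post or from the BLFS book: a small POSIX shell check for the point made above, that the trust-store directory (/etc/ssl in the reply) is what must be protected, not the scripts. It audits a directory for entries a non-root user could alter; the directory and the expected owner are parameters (an assumption made here) so it can be run against a constructed tree as well as the real store.

```shell
#!/bin/sh
# Audit a CA trust-store directory for entries that could be replaced or
# appended to by someone other than the expected owner.
#
# audit_trust_store DIR [OWNER]
#   DIR   directory to audit (e.g. /etc/ssl)
#   OWNER expected owner of every entry (defaults to root)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_trust_store() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        printf 'missing: %s\n' "$dir"
        return 1
    fi

    # Two classes of findings, collected into one variable:
    #  - entries not owned by OWNER: that user could swap the file
    #  - world-writable entries (octal 0002 bit): anyone could edit them,
    #    e.g. append a CA to a bundle or drop a file into the directory
    findings=$(
        find "$dir" ! -user "$owner" -exec printf 'wrong-owner: %s\n' {} \;
        find "$dir" -perm -0002 -exec printf 'world-writable: %s\n' {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: audit the system trust store when run directly.
if [ "${1:-}" != "" ]; then
    audit_trust_store "$1" "${2:-root}"
fi
```

Run it as `sh audit.sh /etc/ssl` on an installed system; a clean store prints nothing and exits 0.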
