Bug 7080

Summary: tlwebaccess/tlwebadm refuses to work with cert key in private dir
Product: ThinLinc Reporter: Pierre Ossman <ossman@cendio.se>
Component: Other Assignee: Peter Åstrand <astrand@cendio.se>
Status: NEW QA Contact: Bugzilla mail exporter <bugzilla-qa@cendio.se>
Severity: Normal    
Priority: P2 CC: ossman@cendio.se
Version: 1.3.1   
Target Milestone: Next   
Hardware: PC   
OS: Unknown   
Acceptance Criteria:

Description From cendio 2017-11-20 10:46:58
tlwebaccess and tlwebadm have a security check that the private key isn't world
readable. When this triggers we get:

> 2017-11-20 10:41:22 ERROR tlwebaccess[14211]: [::ffff:83.233.150.227] File is read and writeable by others than file owner.
> 2017-11-20 10:41:22 ERROR tlwebaccess[14211]: [::ffff:83.233.150.227] Failed to reliable read the certificate key from file, exiting.

Unfortunately it only checks the file itself, rather than the entire path
leading to the file. This breaks certbot/letsencrypt as they secure the files
via the directory:

> drwx------. 3 root root 34 Nov 20 10:38 /etc/letsencrypt/archive/

and not the files:

> -rw-r--r--. 1 root root 1704 Nov 20 10:38 /etc/letsencrypt/archive/certdemo.thinlinc.com/privkey1.pem

This means we cannot use these files directly without some modification.
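
The following is an added example, not ThinLinc's code and not part of the original report: one way to judge key privacy over the whole path instead of the file alone, so that a layout like certbot's (0700 directory, 0644 file) passes. The function names and the trusted-owner set (root plus the effective user) are assumptions.

```python
import os
import stat

NON_OWNER = stat.S_IRWXG | stat.S_IRWXO        # any group/other permission bit
NON_OWNER_SEARCH = stat.S_IXGRP | stat.S_IXOTH  # group/other directory traversal


def path_is_private(entries, trusted_uids):
    """Decide whether non-owners are kept away from a key file.

    entries: [(st_mode, st_uid), ...] ordered from "/" down to the key file.
    Covers read access only. It does not judge whether an untrusted user
    could replace a path component.
    """
    *dirs, (key_mode, key_uid) = entries
    # Case 1: the file itself grants nothing to group/other.
    if key_uid in trusted_uids and not key_mode & NON_OWNER:
        return True
    # Case 2: a trusted-owned directory on the path denies traversal to
    # group/other, so the file's own mode bits are unreachable.
    for mode, uid in dirs:
        if uid in trusted_uids and not mode & NON_OWNER_SEARCH:
            return True
    return False


def key_is_private(key_path):
    """stat() every component of the resolved path and apply the check."""
    # Resolve symlinks first: certbot's live/ entries point into archive/.
    cur = os.path.realpath(key_path)
    entries = []
    while True:
        st = os.stat(cur)
        entries.append((st.st_mode, st.st_uid))
        parent = os.path.dirname(cur)
        if parent == cur:  # reached the filesystem root
            break
        cur = parent
    entries.reverse()
    return path_is_private(entries, {0, os.geteuid()})
```
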