/etc/ssl/private/ssl-cert-snakeoil.key is world readable
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ssl-cert (Ubuntu) | Expired | Undecided | Unassigned |
Bug Description
I am currently using Ubuntu 8.04 upgraded from the 4th alpha. PostgreSQL was running on my machine some time before. Today I noticed an error while starting its process related to file permissions of server.key. I know that such a problem occurred in 2007 (http://
A temporary (?) solution is to change the mode to 740:
~: psql mydatabase
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/
# ls -l server.key
lrwxrwxrwx 1 root root 38 2008-03-15 23:42 server.key -> /etc/ssl/
/var/lib/
* Starting PostgreSQL 8.3 database server * The PostgreSQL server failed to start. Please check the log output:
2008-05-01 09:42:04 CEST KATASTROFALNY: unsafe permissions on private key file "server.key"
2008-05-01 09:42:04 CEST SZCZEGÓŁY: File must be owned by the database user or root, must have no write permission for "group", and must have no permissions for "other".
/var/lib/
/var/lib/
* Stopping PostgreSQL 8.3 database server [ OK ]
* Starting PostgreSQL 8.3 database server * The PostgreSQL server failed to start. Please check the log output:
2008-05-01 09:53:33 CEST KATASTROFALNY: could not load private key file "server.key": Permission denied
/var/lib/
/var/lib/
* Stopping PostgreSQL 8.3 database server [ OK ]
* Starting PostgreSQL 8.3 database server * The PostgreSQL server failed to start. Please check the log output:
2008-05-01 09:54:18 CEST KATASTROFALNY: unsafe permissions on private key file "server.key"
2008-05-01 09:54:18 CEST SZCZEGÓŁY: File must be owned by the database user or root, must have no write permission for "group", and must have no permissions for "other".
/var/lib/
/var/lib/
* Stopping PostgreSQL 8.3 database server [ OK ]
* Starting PostgreSQL 8.3 database server [ OK ]
security vulnerability: yes → no
What were the original permissions of the key, i.e. what did
ls -l /etc/ssl/private/ssl-cert-snakeoil.key
show? Can you please do it now?
I assume some other package broke the default permissions of it (it should be -rw-r----- 1 root ssl-cert).
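
The ownership and mode rule quoted in the PostgreSQL log output above, written out as a check. This is an added example, not part of the original bug report and not PostgreSQL's own code; the function name `key_permission_problems`, the `db_uid` parameter and the sample files are assumptions made for the illustration.

```python
import os
import stat


def key_permission_problems(path, db_uid):
    """Return a list of rule violations for a private key file.

    Rule taken from the log text above: owned by the database user or
    root, no write permission for group, no permissions for other.
    os.stat() follows symlinks, so a link such as server.key is judged
    by its target.
    """
    st = os.stat(path)
    problems = []
    if st.st_uid not in (0, db_uid):
        problems.append("owner uid %d is neither root nor the database user" % st.st_uid)
    if st.st_mode & stat.S_IWGRP:
        problems.append("group has write permission")
    if st.st_mode & stat.S_IRWXO:
        problems.append("other has permissions (%s)" % stat.filemode(st.st_mode))
    return problems


def demo():
    """Apply the check to a constructed key file under several modes."""
    import tempfile
    results = {}
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "snakeoil.key")   # constructed sample file
        link = os.path.join(d, "server.key")    # symlink, as in the listing
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.symlink(key, link)
        for mode in (0o640, 0o740, 0o644, 0o660):
            os.chmod(key, mode)
            # The current user stands in for the database user here.
            results[oct(mode)] = key_permission_problems(link, os.getuid())
    return results


if __name__ == "__main__":
    for mode, problems in demo().items():
        print(mode, "OK" if not problems else "; ".join(problems))
```

A file that passes this check can still be unreadable by the server process, which is a separate failure from the "unsafe permissions" one.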