Uploaded image for project: 'MicroShift'
  1. MicroShift
  2. USHIFT-1018

Fix Pervasive Permissions for Cryptographic Key Material

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • uShift Sprint 233, uShift Sprint 234, uShift Sprint 235

      Description of problem:

      Severity: Low

In ./pkg/util/cert.go:

func GenCerts(...) error {
    var err error
    if rootCA == nil || rootKey == nil {
   	 return err
    }
    os.MkdirAll(dir, 0700)
    certBuff, keyBuff, err := GenCertsBuff(common, svcName)
    if err != nil {
   	 return err
    }
    certPath := filepath.Join(dir, certFilename)
    keyPath := filepath.Join(dir, keyFilename)
    ioutil.WriteFile(certPath, certBuff, 0644)
    ioutil.WriteFile(keyPath, keyBuff, 0644)
    return err
}


It must be noted that:

Mode 0644 is unneeded here for 'keyPath' – 0400 is sufficient.

The calls to ioutil.Writefile() and os.MkdirAll() lack error handling.

The ioutil package is deprecated as of Go 1.16 and is replaced by os / io.
 

      Reference(s):
      https://pkg.go.dev/io
      https://pkg.go.dev/os

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

              pacevedo@redhat.com Pablo Acevedo Montserrat
              pacevedo@redhat.com Pablo Acevedo Montserrat
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: