Hi James et al!

Intro
-----
openvpn creates pre-shared secret files, for later use in static key encryption mode (non-TLS), with the --genkey option

The minor/anecdotal glitch
--------------------------
The permissions for the created file may be/seem to be excessive (0700)

Pointed out by Herbert Xu <herb...@gondor.apana.org.au> [1]

The patch
---------
--- openvpn-1.3.2.orig/crypto.c +++ openvpn-1.3.2/crypto.c @@ -968,7 +968,7 @@ struct buffer out = alloc_buf_gc (512); /* open key file */ - fd = open (filename, O_CREAT | O_TRUNC | O_WRONLY, S_IRWXU); + fd = open (filename, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR); if (fd == -1) msg (M_ERR, "Cannot open shared secret file %s for write", filename);

Let me know if you like it/agree, James.

Thanks,

Alberto

[1] http://bugs.debian.org/178849

(PS. I resent this mail, since I first sent it from the wrong address, sorry James)

--
Alberto Gonzalez Iniesta | They that give up essential liberty
agi@(agi.as|debian.org) | to obtain a little temporary safety
Encrypted mail preferred | deserve neither liberty nor safety.

Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
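
Review bot: the mode argument on the changed open () line only takes effect when the call actually creates the file. With O_CREAT | O_TRUNC and no O_EXCL, an existing file at filename is truncated and keeps whatever permissions it already had, so the new key can still end up in a group- or world-readable file. Consider calling fchmod (fd, S_IRUSR | S_IWUSR) right after the fd == -1 check, or creating the file with O_EXCL once any old file has been removed. The requested mode is also filtered through the process umask, which can only narrow it, so 0600 is an upper bound here and not a guarantee of the exact mode.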