Chef

CA key not properly protected

Details

  • Type: Bug
  • Status: Closed
  • Priority: Blocker
  • Resolution: Fixed
  • Affects Version/s: 0.8.2
  • Fix Version/s: 0.8.4
  • Component/s: Chef Server
  • Labels:
    None

Description

This is quite similar to CHEF-975:

File.open(ca_keypair_file, "w") { |f| f.write keypair.to_pem }

This will, by default, leave the key world readable.

Also, defaulting to a 1024-bit RSA key is a bit on the weak side; I recommend going to at least 2048 if not 4096 bits to have a good security buffer.
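
The difference between the quoted write and an owner-only write, as an added Ruby example that is not code from the Chef project or from the fix branch. The helper names (`write_key_default`, `write_key_private`, `group_other_bits`, `demo`), the 022 umask and a POSIX file system are assumptions of the example; it also covers a key file that already exists with loose permissions, where passing a mode to `File.open` alone would not tighten it.

```ruby
require "openssl"
require "tmpdir"

KEY_BITS = 2048 # lower bound suggested in the report

# Same pattern as the quoted line: resulting mode is 0666 & ~umask.
def write_key_default(path, pem)
  File.open(path, "w") { |f| f.write pem }
end

# Owner-only write: create a fresh 0600 file next to the target and rename
# it into place, so an existing world-readable file does not keep its mode.
def write_key_private(path, pem)
  tmp = "#{path}.#{Process.pid}.tmp"
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write pem
    f.fsync
  end
  File.rename(tmp, path)
ensure
  File.unlink(tmp) if tmp && File.exist?(tmp)
end

# Permission bits granted to group and others; 0 means owner-only.
def group_other_bits(path)
  File.stat(path).mode & 0o077
end

# Constructed scenario in a temp dir with umask 022 (assumed default).
def demo
  Dir.mktmpdir do |dir|
    old_umask = File.umask(0o022)
    begin
      pem  = OpenSSL::PKey::RSA.new(KEY_BITS).to_pem
      weak = File.join(dir, "ca_weak.pem")
      safe = File.join(dir, "ca_safe.pem")
      write_key_default(weak, pem)
      write_key_default(safe, pem) # pre-existing 0644 key file
      write_key_private(safe, pem) # replaced by a 0600 file
      { weak: group_other_bits(weak), safe: group_other_bits(safe),
        bits: OpenSSL::PKey::RSA.new(File.read(safe)).n.num_bits }
    ensure
      File.umask(old_umask)
    end
  end
end

r = demo
printf("default write: %03o, private write: %03o, modulus bits: %d\n", r[:weak], r[:safe], r[:bits])
```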

Activity

Tollef Fog Heen added a comment - 01/Mar/10 7:50 PM Fixed in http://github.com/tfheen/chef/tree/CHEF-996

Dates

  • Created: 01/Mar/10 7:45 PM
  • Updated: 05/Mar/10 12:21 AM
  • Resolved: 01/Mar/10 7:50 PM