Symlinks often (always?) show as 777 permissions. If you look at the actual file that it links to, you'll see the permissions are fine: [darose@daroseneo ~]$ ls -l /etc/ca-certificates/extracted/cadir/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem -r--r--r-- 1 root root 1602 Dec 22 09:54 /etc/ca-certificates/extracted/cadir/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem DR On 02/05/2015 02:12 PM, Marcel Kleinfeller wrote:
Hello!
When I'm doing "cd /etc/ssl/certs/ && ls -al" I see something like this:
[...] lrwxrwxrwx 1 root root 102 21. Dez 17:56 Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem -> ../../ca-certificates/extracted/cadir/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
[...]
All certificates are publicly writable.
I never set chmod to 777 on this directory and I see a great security lack here. Any program could inject its own certificate there, you should know this isn't good ;)
Tell me whether this is just an issue on my own system or a general issue.
Marcel Kleinfeller <marcel@oompf.de>