[arch-general] Why are CA certifcates writable for every user?
Marcel Kleinfeller
marcel at oompf.de
Thu Feb 5 19:12:31 UTC 2015
Hello!
When I'm doing "cd /etc/ssl/certs/ && ls -al" I see something like this:
[...]
lrwxrwxrwx 1 root root 102 21. Dez 17:56
Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem ->
../../ca-certificates/extracted/cadir/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
[...]
All certificates are publicly writable.
I never set chmod to 777 on this directory and I see a great security
lack here.
Any program could inject its own certificate there, you should know this
isn't good ;)
Tell me whether this is just an issue on my own system or a general issue.
Marcel Kleinfeller <marcel at oompf.de>
More information about the arch-general
mailing list