Bug 606 - Readability of unbound control key files should not be achieved by ownership
Status: ASSIGNED
Product: unbound
Classification: Unclassified
Component: server
Version: 1.4.22
Hardware: All All
Importance: P5 enhancement
Assigned To: unbound team
Reported: 2014-08-25 16:03 CEST by Peter Koch
Modified: 2014-08-25 16:18 CEST

Description Peter Koch 2014-08-25 16:03:18 CEST
The unbound-control-setup documentation says:

       The setup requires a self-signed certificate and private keys for both the server and client. The script unbound-control-setup generates
       these in the default run directory, or with -d in another directory. If you change the access control permissions on the key files you can
       decide who can use unbound-control, by default owner and group but not all users. Run the script under the same username as you have
       configured in unbound.conf or as root, so that the daemon is permitted to read the files, for example with:
           sudo -u unbound unbound-control-setup

I think this advice can be enhanced from a security perspective: the unbound process needs to be able to _read_ the files, not _own_ them, which would imply the ability to alter the contents.  Readability (with protection from "other") would best be achieved by using group permissions rather than ownership.
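
Added example (not part of the original report or of unbound): a shell check for the property the description asks for, that the daemon account can read a key file without owning it or being able to write it. The function names and the uid/gid numbers in the comments are constructed, and `audit_file` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: does the daemon account get read-only access to a key file?
# Function names are hypothetical; e.g. uid 0 = root, uid/gid 999 = daemon.

# effective_bits OWNER_UID GROUP_GID MODE DAEMON_UID "DAEMON_GIDS"
# Prints the permission digit (0-7) the kernel applies to the daemon: the
# owner bits if it owns the file, else the group bits if it is in the file's
# group, else the "other" bits. Only the first matching class is used.
effective_bits() {
    mode=$(( 0$3 & 0777 ))               # leading 0: parse MODE as octal
    if [ "$4" = "$1" ]; then echo $(( (mode >> 6) & 7 )); return 0; fi
    for gid in $5; do
        if [ "$gid" = "$2" ]; then echo $(( (mode >> 3) & 7 )); return 0; fi
    done
    echo $(( mode & 7 ))
}

# verdict OWNER_UID GROUP_GID MODE DAEMON_UID "DAEMON_GIDS"
# Prints OK or a FAIL reason; returns non-zero on FAIL.
verdict() {
    if [ "$4" = "$1" ]; then
        # An owner can chmod the file, so even mode 0400 does not stop writes.
        echo "FAIL: daemon owns the file"; return 1
    fi
    if [ $(( 0$3 & 7 )) -ne 0 ]; then
        echo "FAIL: accessible to other"; return 1
    fi
    bits=$(effective_bits "$@")
    if [ $(( bits & 2 )) -ne 0 ]; then
        echo "FAIL: daemon can write via group"; return 1
    fi
    if [ $(( bits & 4 )) -eq 0 ]; then
        echo "FAIL: daemon cannot read"; return 1
    fi
    echo "OK"
}

# audit_file FILE DAEMON_USER
# Reads owner uid, group gid and octal mode with GNU stat, then applies verdict.
audit_file() {
    set -- $(stat -c '%u %g %a' "$1") "$(id -u "$2")" "$(id -G "$2")"
    verdict "$@"
}
```

Write permission on the containing directory (without the sticky bit) also lets an account replace the files, so check the directory the same way.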
Comment 1 Wouter Wijngaards 2014-08-25 16:18:09 CEST
Hi Peter,

This sort of permission seems to have a high user-specific preference.  (I mean, different people tend to have very different opinions).  But what do you suggest I write?  I do not really want to get into full 'key management', but a couple of lines could be nice, I guess.

Best regards,
   Wouter