Bug 261330 - certctl rehash obeys (when it should not?) changed umask
Summary: certctl rehash obeys (when it should not?) changed umask
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: misc (show other bugs)
Version: 13.0-RELEASE
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2022-01-19 11:00 UTC by Martin Waschbüsch
Modified: 2022-01-19 11:00 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Martin Waschbüsch 2022-01-19 11:00:00 UTC
When changing umask for root to 027 in /etc/login.conf, certctl rehash will update the symlinks, for instance in /etc/ssl/blacklisted/, accordingly.

freebsd-update IDS will report this as a deviation and I assume information on blacklisted certificates should really be available to non-root users.