Hi,

after installing psyBNC I recognized that its SSL Key is world readable:

# ls -l /opt/psybnc/key/*
-rw-r--r-- 1 psybnc psybnc 1671 Oct 9 23:56 /opt/psybnc/key/psybnc.cert.pem
-rw-r--r-- 1 psybnc psybnc 1675 Oct 9 23:56 /opt/psybnc/key/psybnc.key.pem
-rw-r--r-- 1 psybnc psybnc 1062 Oct 9 23:56 /opt/psybnc/key/psybnc.req.pem

At least the key should not be world readable. Please add some chmod magic to the ebuild.

Regards
Muelli
gurligebis, pls verify/fix

"Muelli", can we open this bug to the public?
Hi,

of course you can, but if I were an admin who has a couple of users, I'd appreciate a new ebuild like net-irc/psybnc-2.3.2.7-r1 which fixes this issue before everyone knows how to read the private key... So my opinion is to fix the ebuild -which is rather simple- and then open this bug for the public.

Regards
Muelli
Fixing it now :-)
Fixed :-) Has been added to CVS
thanks bjarke

opening the bug now

The ebuild is not stable on any arch, so this bug can stay closed and no GLSA will be issued.
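
A check for the problem reported in this bug, as an added example that is not part of the thread or the ebuild: it flags PEM files that contain a private key and grant any access to group or other, then restricts them to the owner. The function names, the 0600 target mode and the constructed sample files are assumptions; GNU stat is assumed, as on Gentoo.

```shell
#!/bin/sh
# Added example, not the ebuild's code. Assumes GNU stat (stat -c).

# Print every *.pem in DIR that holds a private key and is accessible
# to group or other. Returns 1 if any such file was found, else 0.
audit_keys() {
    found=0
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        # Certificates and requests are public data; only keys matter.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" || continue
        mode=$(stat -c '%a' "$f")
        # Any bit in 077 means group/other can read, write or execute.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Restrict every flagged key to its owner (0600 is an assumed target mode).
harden_keys() {
    audit_keys "$1" | while IFS= read -r path; do
        chmod 600 "$path"
    done
}

# Constructed sample files (placeholders, not real key material).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-placeholder' \
        '-----END RSA PRIVATE KEY-----' > "$d/psybnc.key.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-placeholder' \
        '-----END CERTIFICATE-----' > "$d/psybnc.cert.pem"
    chmod 644 "$d"/*.pem
    audit_keys "$d" || echo "key readable by group/other, fixing"
    harden_keys "$d"
    audit_keys "$d" && echo "clean"
    rm -rf "$d"
}
demo
```

The certificate and request files are left alone because they carry no secret; only the file with a private-key header is tightened.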