Comment 3 for bug 1206254

John Dennis (jdennis-a) wrote :

It's hard to say the extent of the vulnerability. The index and serial file control how OpenSSL signs certificates when operating as a CA. These files should be "private", only the owner can read and write them. When we fail to set the correct permissions on those files the resulting permission depends on the umask (unfortunately I don't know what the umask is when this executes). The issue is someone could modify either the index or serial file. What could that do? The most likely would be to cause duplicate certificates to be generated by the CA, that's never supposed to happen. Some crypto libraries detect duplicates but others do not. The duplicates could cause SSL and token validation to fail. I don't think it would cause a breach. I think the main damage would be to cause the system to stop working. But that's just speculation. What is worrisome is this could result in an attack on the CA (Certificate Authority) and the CA is an absolutely critical component of the overall security. Just because I can't think of an attack on the CA via modifying these files doesn't mean one doesn't exist.

The other thing I just noticed is the permission that would be applied if the correct file names had been used is 0700. I don't think these files should have execute permission, which is another thing which should be fixed. Executable files are always a concern, especially of someone can modify and execute them other than the intended owner. If someone did do this another consequence is the CA would likely stop working (I have not tried to run OpenSSL as a CA with bogus files, but my recollection is it just fails).