Samba4 broken since Upgrade 4.0.6 to 4.0.14
Marc Muehlfeld
samba at marc-muehlfeld.de
Wed Jan 29 13:40:19 MST 2014
On 29.01.2014 20:36, Andrew Bartlett wrote:
>> Check your Samba logs for (this will appear in your log.%m, if you hit
>> this):
>> [2014/01/29 20:19:14.836873, 0, pid=4311]
>> ../lib/util/util.c:161(file_check_permissions)
>> invalid permissions on file '/usr/local/samba/private/tls/key.pem':
>> has 0644 should be 0600
>> [2014/01/29 20:19:14.843206, 0, pid=4311]
>> ../source4/lib/tls/tls_tstream.c:1125(tstream_tls_params_server)
>> Invalid permissions on TLS private key file
>> '/usr/local/samba/private/tls/key.pem':
>> owner uid 0 should be 0, mode 0644 should be 0600
>> This is known as CVE-2013-4476.
>> Removing all tls .pem files will cause an auto-regeneration with the
>> correct permissions.
>>
>>
>> And to fix it, simply set the mode of your key.pem to 600 and restart Samba.
>
> NO. NO. NO. To fix it, read the message above, that's why we printed
> it. Remove the .pem files and let Samba re-generate them, as they have
> been exposed!
Yes, you are right. Sorry.
I'd misinterpreted the message as giving me a choice:
Option 1: Change the mode to 600.
Option 2: Let the files re-create with correct permissions.
Maybe the message could be a bit more explicit, like:
> It is highly recommended to remove all tls .pem files, as they have
> been exposed! This will cause an auto-regeneration with the correct
> been exposed! This will cause an auto-regeneration with the correct
> permissions.
This could prevent misinterpretation.
Regards,
Marc
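
Added example (not part of the original message and not Samba's own code): a shell audit that follows the remediation agreed in this thread, treating a key.pem with any group/other permission bits as exposed and removing all .pem files in the tls directory so they are regenerated, instead of changing the mode. The function names and the --apply flag are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Audit a Samba TLS directory for the key.pem permission problem described
# in this thread (CVE-2013-4476). Assumes GNU coreutils stat.

# Print "private", "exposed" or "missing" for one key file.
# Return code: 0 = private, 1 = exposed, 2 = missing.
classify_tls_key() {
    key=$1
    if [ ! -e "$key" ]; then
        echo missing
        return 2
    fi
    mode=$(stat -c '%a' "$key")
    case $mode in
        # No group/other bits set: no other local user could read the key.
        0|*00) echo private; return 0 ;;
        # Any group/other bit (e.g. 644): the key may already have been copied.
        *)     echo exposed; return 1 ;;
    esac
}

# Dry run by default; pass --apply as second argument to delete files.
# An exposed key is never fixed with chmod: every .pem file is removed so
# that Samba regenerates them with the correct permissions.
remediate_tls_dir() {
    dir=$1
    apply=${2:-}
    state=$(classify_tls_key "$dir/key.pem") || true
    case $state in
        private|missing)
            echo "$dir/key.pem: $state, nothing to remove"
            return 0 ;;
    esac
    echo "$dir/key.pem: group/other can access it, treat the key as exposed"
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || continue
        if [ "$apply" = "--apply" ]; then
            rm -f -- "$f" && echo "removed $f"
        else
            echo "would remove $f"
        fi
    done
    echo "all .pem files must be regenerated by Samba, not re-moded"
}

# Example: sh audit.sh /usr/local/samba/private/tls [--apply]
if [ "$#" -gt 0 ]; then
    remediate_tls_dir "$@"
fi
```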