Knowledge Base

Search the Knowledge Base:
Products:
Search In:
 

The Configuration Program vmware-config Might Set Incorrect Permissions on SSL Key Files

Details

In /usr/bin/vmware-config.pl, code sets permissions on the key and certificate files to safe values. However, this script does not use the safe_chmod() subroutine that reports errors on failure. Instead, it uses the native Perl chmod() function without any return code checking. Because the safe_chmod() subroutine is not used and no return code checks are performed, the user is not alerted if chmod() fails. If umask is used at the time, the result might leave the key file readable to any local user on the system.
 
Note: In ESX Server 2.5.x, the affected files include /usr/bin/vmware-config.pl and /usr/bin/vmware-config-mui.pl.

Solution

Manually change the permissions on the key and certificate to their intended values. The following commands are appropriate on a default installation:

# chmod 400 /etc/vmware/ssl/rui.key
# chmod 444 /etc/vmware/ssl/rui.crt

Keywords

security; ssl; alertz

Feedback

Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (2000 or fewer characters)
Submit
Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   
Actions
  • KB Article: 2467205
  • Updated: Aug 14, 2009
  • Products:
    VMware ESX
    VMware GSX Server
    VMware Player
    VMware Server
    VMware Workstation
  • Product Versions:
    VMware ESX 2.0.x
    VMware ESX 2.1.x
    VMware ESX 2.5.x
    VMware GSX Server 3.x (Linux)
    VMware Player 1.x (Linux)
    VMware Server 1.0.x (Linux)