Skip to content

Enforce minimum access rights on confidential files#121

Draft
piotrpdev wants to merge 1 commit into
kroxylicious:mainfrom
piotrpdev:enforce-minimum-file-permissions
Draft

Enforce minimum access rights on confidential files#121
piotrpdev wants to merge 1 commit into
kroxylicious:mainfrom
piotrpdev:enforce-minimum-file-permissions

Conversation

@piotrpdev

Copy link
Copy Markdown
Member

Kroxylicious should validate that confidential files (TLS private keys, keystores, truststores,
password files, and KMS credential files) have suitably restrictive filesystem permissions before
reading them, similar to how the ssh command refuses to use a world-readable private key.

Related to: kroxylicious/kroxylicious#1038

Signed-off-by: Piotr Płaczek <piotrpdev@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant