From 32f6afbb48d349ecc02ff1e134b1f58baba8131d Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 21 Nov 2008 18:41:10 +0000
Subject: [PATCH] remove permissions from others.

git-svn-id: file:///svn/unbound/trunk@1371 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog                     | 2 ++
 smallapp/unbound-control-setup.sh | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/doc/Changelog b/doc/Changelog
index 4f9a0b991..7d6bf888a 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,7 @@
 21 November 2008: Wouter
 	- fixed tcp accept, errors were printed when they should not.
+	- unbound-control-setup.sh removes read/write permissions other
+	  from the keys it creates (as suggested by Dmitriy Demidov).
 
 20 November 2008: Wouter
 	- fixup fatal error due to faulty error checking after tcp accept.
diff --git a/smallapp/unbound-control-setup.sh b/smallapp/unbound-control-setup.sh
index d8bf6c592..ecdc5bb3e 100755
--- a/smallapp/unbound-control-setup.sh
+++ b/smallapp/unbound-control-setup.sh
@@ -142,6 +142,9 @@ test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem"
 # echo "empty password is used, simply click OK on the password dialog box."
 # openssl pkcs12 -export -in $CTL_BASE"_trust.pem" -inkey $CTL_BASE.key -name "unbound remote control client cert" -out $CTL_BASE"_browser.pfx" -password "pass:" || error "could not create browser certificate"
 
+# remove unused permissions
+chmod o-rw $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key
+
 # remove crap
 rm -f request.cfg
 rm -f $CTL_BASE"_trust.pem" $SVR_BASE"_trust.pem" $SVR_BASE"_trust.srl"