The keygen.sh script, installed with Shibboleth SP 2.0 (into the /usr/local/etc/shibboleth directory by default), uses openssl to create a DES private key and puts it in the file sp-key.pem. It relies on the root user's umask (default 22) instead of chmod-ing the resulting file itself, so the generated private key is world-readable by default. This is a security issue; the keygen.sh script should chmod the file to 0600.
914518 -rw-r--r-- 1 root root 1675 May 22 14:59 sp-key.pem
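One way to generate the key so that it is never world-readable, with a check for existing key files. This is an added example, not the project's keygen.sh. The function names, the openssl arguments (key type, validity, subject) and the certificate file name are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not the project's keygen.sh. The openssl arguments and the
# names gen_key / key_mode_ok are assumptions for illustration.

# gen_key KEYFILE CERTFILE
# Create the key pair under a restrictive umask so the key file is 0600 from
# the moment it is created, instead of inheriting root's default umask of 022.
gen_key() {
    key=$1 cert=$2
    (
        umask 077    # affects only this subshell, not the caller
        openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
            -subj "/CN=sp.example.org" \
            -keyout "$key" -out "$cert" 2>/dev/null
    ) || return 1
    # A umask only applies to newly created files. If KEYFILE already existed
    # with looser bits, openssl truncates it and the old mode survives, so set
    # the mode explicitly as well.
    chmod 600 "$key" || return 1
    chmod 644 "$cert"    # the certificate is public
}

# key_mode_ok FILE
# Returns 0 if FILE is a regular file with no group/other permission bits,
# 1 if any such bit is set, 2 if FILE is not a regular file.
key_mode_ok() {
    [ -f "$1" ] || return 2
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;   # e.g. -rw-------
        *)           return 1 ;;   # e.g. -rw-r--r-- (the mode shown above)
    esac
}

# Audit any key files named on the command line, e.g.:
#   sh thisfile.sh /usr/local/etc/shibboleth/sp-key.pem
for f in "$@"; do
    key_mode_ok "$f" ||
        echo "INSECURE: $f is accessible beyond its owner (or is not a regular file)" >&2
done
```

The umask closes the window between file creation and the chmod; the chmod covers the case where a key file from an earlier run is being overwritten.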