Best Practices for private key files handling
carson at taltos.org
Thu Sep 15 22:31:30 UTC 2022
On 9/15/2022 3:15 PM, Shawn Heisey via openssl-users wrote:
> If symlinks are used responsibly, they won't have security risks. In
> general, if the program checks the ownership and permissions of the
> actual file before using it, it shouldn't matter whether there is a
> symlink or not.
As long as by "before using it" you mean after opening it and checking
via fstat(). Otherwise you have a race between your check and open().
More information about the openssl-users