Dre4m Shell
Server IP : 127.0.0.2  /  Your IP : 18.117.232.234
Web Server : Apache/2.4.18 (Ubuntu)
System :
User : www-data ( )
PHP Version : 7.0.33-0ubuntu0.16.04.16
Disable Function : disk_free_space,disk_total_space,diskfreespace,dl,exec,fpaththru,getmyuid,getmypid,highlight_file,ignore_user_abord,leak,listen,link,opcache_get_configuration,opcache_get_status,passthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,php_uname,phpinfo,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,pclose,popen,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,shell_exec,source,show_source,system,virtual
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/lib/dpkg/info/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /var/lib/dpkg/info/ssl-cert.postinst
#!/bin/sh -e

. /usr/share/debconf/confmodule

# Create the ssl-cert system group for snakeoil ownership:
if ! getent group ssl-cert >/dev/null; then
	addgroup --quiet --system --force-badname ssl-cert
fi

check_vuln_version () {
	if dpkg --compare-versions "$2" ge "$1" && dpkg --compare-versions "$2" lt $3 ; then
		check_key="yes"
	fi
}

# Check if the generated snakeoil key/cert has been generated 
# from a vulnerable openssl version and replace it if necessary.
if [ -x /usr/bin/openssl-vulnkey -a -n "$2" ] ; then
	check_key=""
	check_vuln_version 0               "$2" 1.0.13-0ubuntu0.7.04.1
	check_vuln_version 1.0.13-1        "$2" 1.0.14-0ubuntu0.7.10.1
	check_vuln_version 1.0.14-0ubuntu1 "$2" 1.0.14-0ubuntu2.1
	check_vuln_version 1.0.15          "$2" 1.0.19ubuntu1

	CERT="/etc/ssl/certs/ssl-cert-snakeoil.pem"
	KEY="/etc/ssl/private/ssl-cert-snakeoil.key"
	# check if the cert and key file exist,
	# the issuer and subject are the same (self signed cert)
	# and the private key is vulnerable
	if [ "${check_key}" = "yes" -a \
	     -e "${CERT}" -a -e "${KEY}" -a \
	     "$(openssl x509 -issuer -noout < ${CERT} | sed 's/issuer= //')" = "$(openssl x509 -subject -noout < ${CERT} | sed 's/subject= //')" ]; then
	    	if ! openssl-vulnkey -q ${KEY}; then
			db_version 2.0
        		db_input critical make-ssl-cert/vulnerable_prng || true
        		db_go
			if [ ! -e ${CERT}.broken ] && [ ! -e ${KEY}.broken ] ; then
				mv ${CERT} ${CERT}.broken
				mv ${KEY} ${KEY}.broken
			fi
			make-ssl-cert generate-default-snakeoil --force-overwrite
		fi
	fi
fi

# no need to perform any check. If the certificates are there
# it will exit 0.
make-ssl-cert generate-default-snakeoil

# allow group ssl-cert to access /etc/ssl/private
if ! dpkg-statoverride --list /etc/ssl/private >/dev/null 2>&1
then
    dpkg-statoverride --update --add root ssl-cert 710 /etc/ssl/private
fi

# If we're upgrading from an older version, fix the unreadable key:
if dpkg --compare-versions "$2" lt 1.0.12; then
	chgrp ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
	chmod g+r /etc/ssl/private/ssl-cert-snakeoil.key
fi

Anon7 - 2022
AnonSec Team