starred/mumble-mumble-voip

Fork 0

mirror of https://github.com/mumble-voip/mumble.git synced 2026-03-03 00:46:56 -05:00

Better certificate protection - 600 #2926

New issue

Open

opened 2026-02-20 22:15:06 -05:00 by deekerman · 6 comments

deekerman commented

2026-02-20 22:15:06 -05:00

Owner

Originally created by @Golffies on GitHub (Dec 7, 2024).

Hello,

on macOS, it seems to me that the certificate and private key used by Mumble are saved in a JSON file, located here:

/Users/<whoever>/Library/Preferences/Mumble/Mumble/mumble_settings.json

However, this file and its backup copy located in the same folder are created with 644 rights, and their content can therefore be read by any user:

-rw-r--r--@ 1 youruser  staff   4,6K  7 déc 12:18 /Users/youruser/Library/Preferences/Mumble/Mumble/mumble_settings.json
-rw-r--r--@ 1 youruser  staff   4,6K  7 déc 12:16 /Users/youruser/Library/Preferences/Mumble/Mumble/mumble_settings.json.back

Since the private key is present, it would be better for Mumble to apply more restricted rights to them, such as 600.

-rw-------@ 1 youruser  staff   4,6K  7 déc 12:18 /Users/youruser/Library/Preferences/Mumble/Mumble/mumble_settings.json
-rw-------@ 1 youruser  staff   4,6K  7 déc 12:16 /Users/youruser/Library/Preferences/Mumble/Mumble/mumble_settings.json.back

This becomes a more than academic concern when you consider importing into Mumble a personal certificate signed by an external certification authority and also used to sign and encrypt emails.

Obviously, on macOS, the best practice is to access the certificate and its private key from the Keychain, and not to export it from the Keychain to create a copy to be imported into Mumble. But restricting access rights to the JSON file is already a step towards greater security.

Note that on macOS, when an application is authorised to use the certificate and private key in the Keychain, the user is not asked to enter their session password every time. In the Keychain, the application can be declared as always having the right to access them.

Environment
macOS 14.6.1
Mumble 1.5.634

Originally created by @Golffies on GitHub (Dec 7, 2024). Hello, on macOS, it seems to me that the certificate and private key used by Mumble are saved in a JSON file, located here: `/Users/<whoever>/Library/Preferences/Mumble/Mumble/mumble_settings.json` However, this file and its backup copy located in the same folder are created with 644 rights, and their content can therefore be read by any user: ``` -rw-r--r--@ 1 youruser staff 4,6K 7 déc 12:18 /Users/youruser/Library/Preferences/Mumble/Mumble/mumble_settings.json -rw-r--r--@ 1 youruser staff 4,6K 7 déc 12:16 /Users/youruser/Library/Preferences/Mumble/Mumble/mumble_settings.json.back ``` Since the private key is present, it would be better for Mumble to apply more restricted rights to them, such as 600. ``` -rw-------@ 1 youruser staff 4,6K 7 déc 12:18 /Users/youruser/Library/Preferences/Mumble/Mumble/mumble_settings.json -rw-------@ 1 youruser staff 4,6K 7 déc 12:16 /Users/youruser/Library/Preferences/Mumble/Mumble/mumble_settings.json.back ``` This becomes a more than academic concern when you consider importing into Mumble a personal certificate signed by an external certification authority and also used to sign and encrypt emails. Obviously, on macOS, the best practice is to access the certificate and its private key from the Keychain, and not to export it from the Keychain to create a copy to be imported into Mumble. But restricting access rights to the JSON file is already a step towards greater security. Note that on macOS, when an application is authorised to use the certificate and private key in the Keychain, the user is not asked to enter their session password every time. In the Keychain, the application can be declared as always having the right to access them. **Environment** macOS 14.6.1 Mumble 1.5.634

deekerman added the

labels

2026-02-20 22:15:06 -05:00

deekerman commented

2026-02-20 22:15:07 -05:00

Author

Owner

@Kissaki commented on GitHub (Dec 7, 2024):

This is about the Mumble client, not the Mumble website, right?

@Kissaki commented on GitHub (Dec 7, 2024): This is about the Mumble client, not the Mumble website, right?

deekerman commented

2026-02-20 22:15:07 -05:00

Author

Owner

@Hartmnt commented on GitHub (Dec 8, 2024):

Interesting. On Linux the same permissions are used, so this could also benefit from a change here.

@Hartmnt commented on GitHub (Dec 8, 2024): Interesting. On Linux the same permissions are used, so this could also benefit from a change here.

deekerman commented

2026-02-20 22:15:07 -05:00

Author

Owner

@theboywholived commented on GitHub (Dec 12, 2024):

Can I work on this issue - I'm new to OSS and this repo.

@theboywholived commented on GitHub (Dec 12, 2024): Can I work on this issue - I'm new to OSS and this repo.

deekerman commented

2026-02-20 22:15:07 -05:00

Author

Owner

@Krzmbrzl commented on GitHub (Dec 12, 2024):

Absolutely. The relevant part of the code is in https://github.com/mumble-voip/mumble/blob/master/src/mumble/Settings.cpp#L143

@Krzmbrzl commented on GitHub (Dec 12, 2024): Absolutely. The relevant part of the code is in https://github.com/mumble-voip/mumble/blob/master/src/mumble/Settings.cpp#L143

deekerman commented

2026-02-20 22:15:07 -05:00

Author

Owner

@theboywholived commented on GitHub (Dec 14, 2024):

Sure - I will pick this up? Could you point me to anyway I can replicate this and test this fix once I have written the code?

@theboywholived commented on GitHub (Dec 14, 2024): Sure - I will pick this up? Could you point me to anyway I can replicate this and test this fix once I have written the code?

deekerman commented

2026-02-20 22:15:07 -05:00

Author

Owner

@Krzmbrzl commented on GitHub (Dec 14, 2024):

Just run Mumble once and inspect the file permissions of the created settings JSON file (e.g. via ls -al).

@Krzmbrzl commented on GitHub (Dec 14, 2024): Just run Mumble once and inspect the file permissions of the created settings JSON file (e.g. via `ls -al`).