* options.skel: Some language tweaks, and remove the load-extension

section for random gatherers. * keyring.c (create_tmp_file, rename_tmp_file): Create tmp files with user-only permissions, but restore the original permissions if the user has something special set. * openfile.c (copy_options_file): Create new options file (gpg.conf) with user-only permissions. * keydb.c (keydb_add_resource): Create new keyrings with user-only permissions.
2025-07-02 22:46:30 +02:00 · 2002-08-09 02:23:42 +00:00 · 2002-08-09 02:23:42 +00:00 · 74a84ca93b
commit 74a84ca93b
parent 3d85ad800d
5 changed files with 71 additions and 61 deletions
--- a/g10/keyring.c
+++ b/g10/keyring.c
@ -1132,6 +1132,7 @@ create_tmp_file (const char *template,
                 char **r_bakfname, char **r_tmpfname, IOBUF *r_fp)
 {  
  char *bakfname, *tmpfname;
+  mode_t oldmask;

  *r_bakfname = NULL;
  *r_tmpfname = NULL;
@ -1169,7 +1170,10 @@ create_tmp_file (const char *template,
    strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
 # endif /* Posix filename */

+    /* Create the temp file with limited access */
+    oldmask=umask(077);
    *r_fp = iobuf_create (tmpfname);
+    umask(oldmask);
    if (!*r_fp) {
 	log_error ("can't create `%s': %s\n", tmpfname, strerror(errno) );
        m_free (tmpfname);
@ -1189,19 +1193,6 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
 {
  int rc=0;

-  /* restrict the permissions for secret keyrings */
-#ifndef HAVE_DOSISH_SYSTEM
-  if (secret && !opt.preserve_permissions)
-    {
-      if (chmod (tmpfname, S_IRUSR | S_IWUSR) ) 
-        {
-          log_error ("chmod of `%s' failed: %s\n",
-                     tmpfname, strerror(errno) );
-          return G10ERR_WRITE_FILE;
-	}
-    }
-#endif
-
  /* invalidate close caches*/
  iobuf_ioctl (NULL, 2, 0, (char*)tmpfname );
  iobuf_ioctl (NULL, 2, 0, (char*)bakfname );
@ -1241,6 +1232,24 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
      return rc;
    }

+  /* Now make sure the file has the same permissions as the original */
+
+#ifndef HAVE_DOSISH_SYSTEM
+  {
+    struct stat statbuf;
+
+    statbuf.st_mode=S_IRUSR | S_IWUSR;
+
+    if(((secret && !opt.preserve_permissions) ||
+	(stat(bakfname,&statbuf)==0)) &&
+       (chmod(fname,statbuf.st_mode)==0))
+      ;
+    else
+      log_error("WARNING: unable to restore permissions to `%s': %s",
+		fname,strerror(errno));
+  }
+#endif
+
  return 0;
 }

@ -1430,8 +1439,11 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
    if (mode == 1 && !fp && errno == ENOENT) { 
 	/* insert mode but file does not exist: create a new file */
 	KBNODE kbctx, node;
+	mode_t oldmask;

+	oldmask=umask(077);
 	newfp = iobuf_create (fname);
+	umask(oldmask);
 	if( !newfp ) {
 	    log_error (_("%s: can't create: %s\n"),
                       fname, strerror(errno));
@ -1453,10 +1465,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
 	    log_error ("%s: close failed: %s\n", fname, strerror(errno));
 	    return G10ERR_CLOSE_FILE;
 	}
-	if (chmod( fname, S_IRUSR | S_IWUSR )) {
-	    log_error("%s: chmod failed: %s\n", fname, strerror(errno) );
-	    return G10ERR_WRITE_FILE;
-	}
 	return 0; /* ready */
    }