security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

* keyring.c (rename_tmp_file): Force a fsync (via iobuf_ioctl) on

Browse Source 
secret keyring files to be extra safe on filesystems that may not sync
data and metadata together (ext4).  Also check return code from the
cache invalidation to make sure we're safe over NFS and similar.
This commit is contained in:
David Shaw 2009-03-20 20:55:47 +00:00
parent da66b1d69e
commit 79f31e85db
2 changed files with 30 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
g10/ChangeLog
View File

@ -1,3 +1,11 @@
2009-03-20 David Shaw <dshaw@jabberwocky.com>
* keyring.c (rename_tmp_file): Force a fsync (via iobuf_ioctl) on
secret keyring files to be extra safe on filesystems that may not
sync data and metadata together (ext4). Also check return code
from the cache invalidation to make sure we're safe over NFS and
similar.
2009-03-14 David Shaw <dshaw@jabberwocky.com> 2009-03-14 David Shaw <dshaw@jabberwocky.com>
* gpgv.c (strusage): Fix name of program in "Syntax" line. * gpgv.c (strusage): Fix name of program in "Syntax" line.

34
g10/keyring.c
View File

@ -1,5 +1,5 @@
/* keyring.c - keyring file handling /* keyring.c - keyring file handling
* Copyright (C) 2001, 2004 Free Software Foundation, Inc. * Copyright (C) 2001, 2004, 2007, 2009 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -1212,10 +1212,17 @@ static int
rename_tmp_file (const char *bakfname, const char *tmpfname, rename_tmp_file (const char *bakfname, const char *tmpfname,
const char *fname, int secret ) const char *fname, int secret )
{ {
int rc=0; int rc=G10ERR_GENERAL;
/* It's a secret keyring, so let's force a fsync just to be safe on
filesystems that may not sync data and metadata together
(ext4). */
if(secret && iobuf_ioctl(NULL,4,0,(char*)tmpfname)!=0)
goto fail;
/* invalidate close caches*/ /* invalidate close caches*/
iobuf_ioctl (NULL, 2, 0, (char*)tmpfname ); if(iobuf_ioctl (NULL, 2, 0, (char*)tmpfname )!=0)
goto fail;
iobuf_ioctl (NULL, 2, 0, (char*)bakfname ); iobuf_ioctl (NULL, 2, 0, (char*)bakfname );
iobuf_ioctl (NULL, 2, 0, (char*)fname ); iobuf_ioctl (NULL, 2, 0, (char*)fname );
@ -1245,15 +1252,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
tmpfname, fname, strerror(errno) ); tmpfname, fname, strerror(errno) );
register_secured_file (fname); register_secured_file (fname);
rc = G10ERR_RENAME_FILE; rc = G10ERR_RENAME_FILE;
if (secret) goto fail;
{
log_info(_("WARNING: 2 files with confidential"
" information exists.\n"));
log_info(_("%s is the unchanged one\n"), fname );
log_info(_("%s is the new one\n"), tmpfname );
log_info(_("Please fix this possible security flaw\n"));
}
return rc;
} }
/* Now make sure the file has the same permissions as the original */ /* Now make sure the file has the same permissions as the original */
@ -1275,6 +1274,17 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
#endif #endif
return 0; return 0;
fail:
if(secret)
{
log_info(_("WARNING: 2 files with confidential information exists.\n"));
log_info(_("%s is the unchanged one\n"), fname );
log_info(_("%s is the new one\n"), tmpfname );
log_info(_("Please fix this possible security flaw\n"));
}
return rc;
} }