gpg: Create exported secret files and revocs with mode 700.

* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM.  Change
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--

GnuPG-bug-id: 1653.

Note that this works only if --output has been used.
Werner Koch 2014-06-25 20:25:28 +02:00
parent 35fdfaa0b9
commit c434de4d83
12 changed files with 43 additions and 31 deletions


@ -248,7 +248,7 @@ fd_cache_synchronize (const char *fname)
static gnupg_fd_t
direct_open (const char *fname, const char *mode)
direct_open (const char *fname, const char *mode, int mode700)
{
#ifdef HAVE_W32_SYSTEM
unsigned long da, cd, sm;
@ -303,7 +303,10 @@ direct_open (const char *fname, const char *mode)
#else /*!HAVE_W32_SYSTEM*/
int oflag;
int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
int cflag = S_IRUSR | S_IWUSR;
if (!mode700)
cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
/* Note, that we do not handle all mode combinations */
if (strchr (mode, '+'))
@ -420,7 +423,7 @@ fd_cache_open (const char *fname, const char *mode)
}
if (DBG_IOBUF)
log_debug ("fd_cache_open (%s) not cached\n", fname);
return direct_open (fname, mode);
return direct_open (fname, mode, 0);
}
@ -1425,10 +1428,11 @@ iobuf_sockopen (int fd, const char *mode)
}
/****************
* create an iobuf for writing to a file; the file will be created.
* Create an iobuf for writing to a file; the file will be created.
* With MODE700 set the file is created with that mode (Unix only).
*/
iobuf_t
iobuf_create (const char *fname)
iobuf_create (const char *fname, int mode700)
{
iobuf_t a;
gnupg_fd_t fp;
@ -1445,7 +1449,7 @@ iobuf_create (const char *fname)
}
else if ((fd = check_special_filename (fname)) != -1)
return iobuf_fdopen (translate_file_handle (fd, 1), "wb");
else if ((fp = direct_open (fname, "wb")) == GNUPG_INVALID_FD)
else if ((fp = direct_open (fname, "wb", mode700)) == GNUPG_INVALID_FD)
return NULL;
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
fcx = xmalloc (sizeof *fcx + strlen (fname));
@ -1476,7 +1480,7 @@ iobuf_openrw (const char *fname)
if (!fname)
return NULL;
else if ((fp = direct_open (fname, "r+b")) == GNUPG_INVALID_FD)
else if ((fp = direct_open (fname, "r+b", 0)) == GNUPG_INVALID_FD)
return NULL;
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
fcx = xmalloc (sizeof *fcx + strlen (fname));
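Review bot: In direct_open the restricted case sets `cflag = S_IRUSR | S_IWUSR`, which is mode 0600, while the parameter name `mode700` and the new iobuf_create comment ("created with that mode") say 700; the comment would be accurate as `With MODE700 set the file is created readable and writable by the owner only (0600, Unix only).` The bits also appear to serve only as the creation mode of the open call, which lies outside the hunk, so an existing file that is overwritten would presumably keep whatever group/other access it already had. If that is the case, it deserves a sentence in the same comment, or an explicit reset such as `fchmod (fd, S_IRUSR | S_IWUSR)` on the new descriptor when mode700 is set. The same caveat would apply to every caller that passes a true value: the open_outfile path used for secret-key export and revocation certificates, and the iobuf_create calls in gen_card_key_with_backup, create_tmp_file and do_copy. direct_open's body starts and ends outside the hunks shown.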


@ -115,7 +115,7 @@ iobuf_t iobuf_fdopen (int fd, const char *mode);
iobuf_t iobuf_fdopen_nc (int fd, const char *mode);
iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open);
iobuf_t iobuf_sockopen (int fd, const char *mode);
iobuf_t iobuf_create (const char *fname);
iobuf_t iobuf_create (const char *fname, int mode700);
iobuf_t iobuf_append (const char *fname);
iobuf_t iobuf_openrw (const char *fname);
int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval);


@ -64,7 +64,7 @@ dearmor_file( const char *fname )
push_armor_filter ( afx, inp );
if( (rc = open_outfile (-1, fname, 0, &out )) )
if( (rc = open_outfile (-1, fname, 0, 0, &out)) )
goto leave;
while( (c = iobuf_get(inp)) != -1 )
@ -110,7 +110,7 @@ enarmor_file( const char *fname )
}
if( (rc = open_outfile (-1, fname, 1, &out )) )
if( (rc = open_outfile (-1, fname, 1, 0, &out )) )
goto leave;
afx->what = 4;


@ -264,7 +264,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
do_compress = 0;
}
if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, &out )))
if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
{
iobuf_cancel (inp);
xfree (cfx.dek);
@ -567,7 +567,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
if (opt.textmode)
iobuf_push_filter (inp, text_filter, &tfx);
rc = open_outfile (outputfd, filename, opt.armor? 1:0, &out);
rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out);
if (rc)
goto leave;


@ -201,7 +201,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options )
memset( &zfx, 0, sizeof zfx);
rc = open_outfile (-1, NULL, 0, &out );
rc = open_outfile (-1, NULL, 0, !!secret, &out );
if (rc)
return rc;


@ -213,7 +213,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force)
gpg_err_set_errno (EPERM);
}
else
iobuf = iobuf_create (filename);
iobuf = iobuf_create (filename, 0);
umask (oldmask);
if (!iobuf)
{


@ -3814,7 +3814,7 @@ do_generate_keypair (struct para_data_s *para,
gpg_err_set_errno (EPERM);
}
else
outctrl->pub.stream = iobuf_create( outctrl->pub.fname );
outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0);
if (!outctrl->pub.stream)
{
log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname,
@ -4442,6 +4442,9 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
(ulong)sk->keyid[0], (ulong)sk->keyid[1]);
fname = make_filename (backup_dir, name_buffer, NULL);
/* Note that the umask call is not anymore needed because
iobuf_create now takes care of it. However, it does not harm
and thus we keep it. */
oldmask = umask (077);
if (is_secured_filename (fname))
{
@ -4449,7 +4452,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
gpg_err_set_errno (EPERM);
}
else
fp = iobuf_create (fname);
fp = iobuf_create (fname, 1);
umask (oldmask);
if (!fp)
{


@ -1197,7 +1197,9 @@ create_tmp_file (const char *template,
strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
# endif /* Posix filename */
/* Create the temp file with limited access */
/* Create the temp file with limited access. Note that the umask
call is not anymore needed because iobuf_create now takes care
of it. However, it does not harm and thus we keep it. */
oldmask=umask(077);
if (is_secured_filename (tmpfname))
{
@ -1205,7 +1207,7 @@ create_tmp_file (const char *template,
gpg_err_set_errno (EPERM);
}
else
*r_fp = iobuf_create (tmpfname);
*r_fp = iobuf_create (tmpfname, 1);
umask(oldmask);
if (!*r_fp)
{
@ -1513,7 +1515,7 @@ do_copy (int mode, const char *fname, KBNODE root,
gpg_err_set_errno (EPERM);
}
else
newfp = iobuf_create (fname);
newfp = iobuf_create (fname, 1);
umask(oldmask);
if( !newfp )
{


@ -270,7 +270,8 @@ int save_unprotected_key_to_card (PKT_public_key *sk, int keyno);
int overwrite_filep( const char *fname );
char *make_outfile_name( const char *iname );
char *ask_outfile_name( const char *name, size_t namelen );
int open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a);
int open_outfile (int inp_fd, const char *iname, int mode,
int restrictedperm, iobuf_t *a);
iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx );
void try_make_homedir( const char *fname );


@ -177,10 +177,12 @@ ask_outfile_name( const char *name, size_t namelen )
*
* If INP_FD is not -1 the function simply creates an IOBUF for that
* file descriptor and ignorea INAME and MODE. Note that INP_FD won't
* be closed if the returned IOBUF is closed.
* be closed if the returned IOBUF is closed. With RESTRICTEDPERM a
* file will be created with mode 700 if possible.
*/
int
open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
iobuf_t *a)
{
int rc = 0;
@ -204,7 +206,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
}
else if (iobuf_is_pipe_filename (iname) && !opt.outfile)
{
*a = iobuf_create(NULL);
*a = iobuf_create (NULL, 0);
if ( !*a )
{
rc = gpg_error_from_syserror ();
@ -284,7 +286,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
gpg_err_set_errno (EPERM);
}
else
*a = iobuf_create (name);
*a = iobuf_create (name, restrictedperm);
if (!*a)
{
rc = gpg_error_from_syserror ();
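Review bot: The sentence added to the open_outfile header comment promises "mode 700 if possible" but does not say when RESTRICTEDPERM is silently dropped. The pipe-filename branch calls `iobuf_create (NULL, 0)` regardless of the flag, and the comment's own description of the INP_FD case suggests the flag is unused there too (that branch is outside the hunks). I would extend the comment to something like `With RESTRICTEDPERM a newly created file is readable and writable by the owner only; the flag has no effect when output goes to INP_FD or when INAME is a pipe filename.` That tells callers writing secret material that the protection depends on a real output file being created by this function. The function body starts and ends outside the hunks shown.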


@ -328,7 +328,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
if( !opt.armor )
tty_printf(_("ASCII armored output forced.\n"));
if( (rc = open_outfile (-1, NULL, 0, &out )) )
if( (rc = open_outfile (-1, NULL, 0, 1, &out )) )
goto leave;
afx->what = 1;
@ -518,7 +518,7 @@ gen_revoke (const char *uname)
if (!opt.armor)
tty_printf (_("ASCII armored output forced.\n"));
if ((rc = open_outfile (-1, NULL, 0, &out )))
if ((rc = open_outfile (-1, NULL, 0, 1, &out )))
goto leave;
afx->what = 1;


@ -871,7 +871,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
gpg_err_set_errno (EPERM);
}
else
out = iobuf_create( outfile );
out = iobuf_create (outfile, 0);
if( !out )
{
rc = gpg_error_from_syserror ();
@ -882,7 +882,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
log_info(_("writing to '%s'\n"), outfile );
}
else if( (rc = open_outfile (-1, fname,
opt.armor? 1: detached? 2:0, &out )))
opt.armor? 1: detached? 2:0, 0, &out)))
goto leave;
/* prepare to calculate the MD over the input */
@ -1188,7 +1188,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
gpg_err_set_errno (EPERM);
}
else
out = iobuf_create( outfile );
out = iobuf_create (outfile, 0);
if( !out )
{
rc = gpg_error_from_syserror ();
@ -1198,7 +1198,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
else if( opt.verbose )
log_info(_("writing to '%s'\n"), outfile );
}
else if( (rc = open_outfile (-1, fname, 1, &out )) )
else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
goto leave;
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
@ -1366,7 +1366,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
cfx.dek->use_mdc=1;
/* now create the outfile */
rc = open_outfile (-1, fname, opt.armor? 1:0, &out);
rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
if (rc)
goto leave;