mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-23 15:07:03 +01:00
gpg: Create exported secret files and revocs with mode 700.
* common/iobuf.c (direct_open): Add arg MODE700. (iobuf_create): Ditto. * g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change all callers to pass 0 for it. * g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new arg. * g10/export.c (do_export): Pass true for new arg if SECRET is true. -- GnuPG-bug-id: 1653. Note that this works only if --output has been used.
parent
35fdfaa0b9
commit
c434de4d83
@ -248,7 +248,7 @@ fd_cache_synchronize (const char *fname)
|
|||||||
|
|
||||||
|
|
||||||
static gnupg_fd_t
|
static gnupg_fd_t
|
||||||
direct_open (const char *fname, const char *mode)
|
direct_open (const char *fname, const char *mode, int mode700)
|
||||||
{
|
{
|
||||||
#ifdef HAVE_W32_SYSTEM
|
#ifdef HAVE_W32_SYSTEM
|
||||||
unsigned long da, cd, sm;
|
unsigned long da, cd, sm;
|
||||||
@ -303,7 +303,10 @@ direct_open (const char *fname, const char *mode)
|
|||||||
#else /*!HAVE_W32_SYSTEM*/
|
#else /*!HAVE_W32_SYSTEM*/
|
||||||
|
|
||||||
int oflag;
|
int oflag;
|
||||||
int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
|
int cflag = S_IRUSR | S_IWUSR;
|
||||||
|
|
||||||
|
if (!mode700)
|
||||||
|
cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
|
||||||
|
|
||||||
/* Note, that we do not handle all mode combinations */
|
/* Note, that we do not handle all mode combinations */
|
||||||
if (strchr (mode, '+'))
|
if (strchr (mode, '+'))
|
||||||
@ -420,7 +423,7 @@ fd_cache_open (const char *fname, const char *mode)
|
|||||||
}
|
}
|
||||||
if (DBG_IOBUF)
|
if (DBG_IOBUF)
|
||||||
log_debug ("fd_cache_open (%s) not cached\n", fname);
|
log_debug ("fd_cache_open (%s) not cached\n", fname);
|
||||||
return direct_open (fname, mode);
|
return direct_open (fname, mode, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1425,10 +1428,11 @@ iobuf_sockopen (int fd, const char *mode)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* create an iobuf for writing to a file; the file will be created.
|
* Create an iobuf for writing to a file; the file will be created.
|
||||||
|
* With MODE700 set the file is created with that mode (Unix only).
|
||||||
*/
|
*/
|
||||||
iobuf_t
|
iobuf_t
|
||||||
iobuf_create (const char *fname)
|
iobuf_create (const char *fname, int mode700)
|
||||||
{
|
{
|
||||||
iobuf_t a;
|
iobuf_t a;
|
||||||
gnupg_fd_t fp;
|
gnupg_fd_t fp;
|
||||||
@ -1445,7 +1449,7 @@ iobuf_create (const char *fname)
|
|||||||
}
|
}
|
||||||
else if ((fd = check_special_filename (fname)) != -1)
|
else if ((fd = check_special_filename (fname)) != -1)
|
||||||
return iobuf_fdopen (translate_file_handle (fd, 1), "wb");
|
return iobuf_fdopen (translate_file_handle (fd, 1), "wb");
|
||||||
else if ((fp = direct_open (fname, "wb")) == GNUPG_INVALID_FD)
|
else if ((fp = direct_open (fname, "wb", mode700)) == GNUPG_INVALID_FD)
|
||||||
return NULL;
|
return NULL;
|
||||||
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
|
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
|
||||||
fcx = xmalloc (sizeof *fcx + strlen (fname));
|
fcx = xmalloc (sizeof *fcx + strlen (fname));
|
||||||
@ -1476,7 +1480,7 @@ iobuf_openrw (const char *fname)
|
|||||||
|
|
||||||
if (!fname)
|
if (!fname)
|
||||||
return NULL;
|
return NULL;
|
||||||
else if ((fp = direct_open (fname, "r+b")) == GNUPG_INVALID_FD)
|
else if ((fp = direct_open (fname, "r+b", 0)) == GNUPG_INVALID_FD)
|
||||||
return NULL;
|
return NULL;
|
||||||
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
|
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
|
||||||
fcx = xmalloc (sizeof *fcx + strlen (fname));
|
fcx = xmalloc (sizeof *fcx + strlen (fname));
|
||||||
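Review bot: The parameter name `mode700` and the new header comment on `iobuf_create` both say mode 700, but the creation mask set in `direct_open` is `S_IRUSR | S_IWUSR`, which is 0600 before the umask is applied. The comment should say what the code does, for example `With MODE700 set the file is created readable and writable by the owner only (0600 before umask; Unix only).` The same wording issue is in the RESTRICTEDPERM sentence added above `open_outfile` in g10/openfile.c. `cflag` is presumably only handed to the open call that follows outside this hunk, so it would apply only when the file is newly created; if that call does not use O_EXCL, an existing output file with wider permissions keeps them, and that limit deserves a sentence in the same comment. The bodies of `direct_open` and `iobuf_create` continue outside the hunks shown.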
|
@ -115,7 +115,7 @@ iobuf_t iobuf_fdopen (int fd, const char *mode);
|
|||||||
iobuf_t iobuf_fdopen_nc (int fd, const char *mode);
|
iobuf_t iobuf_fdopen_nc (int fd, const char *mode);
|
||||||
iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open);
|
iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open);
|
||||||
iobuf_t iobuf_sockopen (int fd, const char *mode);
|
iobuf_t iobuf_sockopen (int fd, const char *mode);
|
||||||
iobuf_t iobuf_create (const char *fname);
|
iobuf_t iobuf_create (const char *fname, int mode700);
|
||||||
iobuf_t iobuf_append (const char *fname);
|
iobuf_t iobuf_append (const char *fname);
|
||||||
iobuf_t iobuf_openrw (const char *fname);
|
iobuf_t iobuf_openrw (const char *fname);
|
||||||
int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval);
|
int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval);
|
||||||
|
@ -64,7 +64,7 @@ dearmor_file( const char *fname )
|
|||||||
|
|
||||||
push_armor_filter ( afx, inp );
|
push_armor_filter ( afx, inp );
|
||||||
|
|
||||||
if( (rc = open_outfile (-1, fname, 0, &out )) )
|
if( (rc = open_outfile (-1, fname, 0, 0, &out)) )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
while( (c = iobuf_get(inp)) != -1 )
|
while( (c = iobuf_get(inp)) != -1 )
|
||||||
@ -110,7 +110,7 @@ enarmor_file( const char *fname )
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if( (rc = open_outfile (-1, fname, 1, &out )) )
|
if( (rc = open_outfile (-1, fname, 1, 0, &out )) )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
afx->what = 4;
|
afx->what = 4;
|
||||||
|
@ -264,7 +264,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
|
|||||||
do_compress = 0;
|
do_compress = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, &out )))
|
if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
|
||||||
{
|
{
|
||||||
iobuf_cancel (inp);
|
iobuf_cancel (inp);
|
||||||
xfree (cfx.dek);
|
xfree (cfx.dek);
|
||||||
@ -567,7 +567,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
|
|||||||
if (opt.textmode)
|
if (opt.textmode)
|
||||||
iobuf_push_filter (inp, text_filter, &tfx);
|
iobuf_push_filter (inp, text_filter, &tfx);
|
||||||
|
|
||||||
rc = open_outfile (outputfd, filename, opt.armor? 1:0, &out);
|
rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out);
|
||||||
if (rc)
|
if (rc)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
|
@ -201,7 +201,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options )
|
|||||||
|
|
||||||
memset( &zfx, 0, sizeof zfx);
|
memset( &zfx, 0, sizeof zfx);
|
||||||
|
|
||||||
rc = open_outfile (-1, NULL, 0, &out );
|
rc = open_outfile (-1, NULL, 0, !!secret, &out );
|
||||||
if (rc)
|
if (rc)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
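Review bot: `!!secret` requests restricted permissions here, but the call passes NULL as INAME, and the branch in g10/openfile.c that handles a pipe filename without `opt.outfile` (presumably the one taken when --output is absent) calls `iobuf_create (NULL, 0)`, so RESTRICTEDPERM is dropped on that path. The commit message states this limit, but nothing at the call site does. A comment above the call, such as `/* RESTRICTEDPERM only has an effect with --output; a file created by shell redirection gets the umask default. */`, would keep readers from assuming every secret-key export is written with owner-only permissions. The same applies to the two `open_outfile (-1, NULL, 0, 1, &out)` calls in g10/revoke.c. `do_export` continues outside the hunk.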
|
@ -213,7 +213,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force)
|
|||||||
gpg_err_set_errno (EPERM);
|
gpg_err_set_errno (EPERM);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
iobuf = iobuf_create (filename);
|
iobuf = iobuf_create (filename, 0);
|
||||||
umask (oldmask);
|
umask (oldmask);
|
||||||
if (!iobuf)
|
if (!iobuf)
|
||||||
{
|
{
|
||||||
|
@ -3814,7 +3814,7 @@ do_generate_keypair (struct para_data_s *para,
|
|||||||
gpg_err_set_errno (EPERM);
|
gpg_err_set_errno (EPERM);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
outctrl->pub.stream = iobuf_create( outctrl->pub.fname );
|
outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0);
|
||||||
if (!outctrl->pub.stream)
|
if (!outctrl->pub.stream)
|
||||||
{
|
{
|
||||||
log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname,
|
log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname,
|
||||||
@ -4442,6 +4442,9 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
|
|||||||
(ulong)sk->keyid[0], (ulong)sk->keyid[1]);
|
(ulong)sk->keyid[0], (ulong)sk->keyid[1]);
|
||||||
|
|
||||||
fname = make_filename (backup_dir, name_buffer, NULL);
|
fname = make_filename (backup_dir, name_buffer, NULL);
|
||||||
|
/* Note that the umask call is not anymore needed because
|
||||||
|
iobuf_create now takes care of it. However, it does not harm
|
||||||
|
and thus we keep it. */
|
||||||
oldmask = umask (077);
|
oldmask = umask (077);
|
||||||
if (is_secured_filename (fname))
|
if (is_secured_filename (fname))
|
||||||
{
|
{
|
||||||
@ -4449,7 +4452,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
|
|||||||
gpg_err_set_errno (EPERM);
|
gpg_err_set_errno (EPERM);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
fp = iobuf_create (fname);
|
fp = iobuf_create (fname, 1);
|
||||||
umask (oldmask);
|
umask (oldmask);
|
||||||
if (!fp)
|
if (!fp)
|
||||||
{
|
{
|
||||||
|
@ -1197,7 +1197,9 @@ create_tmp_file (const char *template,
|
|||||||
strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
|
strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
|
||||||
# endif /* Posix filename */
|
# endif /* Posix filename */
|
||||||
|
|
||||||
/* Create the temp file with limited access */
|
/* Create the temp file with limited access. Note that the umask
|
||||||
|
call is not anymore needed because iobuf_create now takes care
|
||||||
|
of it. However, it does not harm and thus we keep it. */
|
||||||
oldmask=umask(077);
|
oldmask=umask(077);
|
||||||
if (is_secured_filename (tmpfname))
|
if (is_secured_filename (tmpfname))
|
||||||
{
|
{
|
||||||
@ -1205,7 +1207,7 @@ create_tmp_file (const char *template,
|
|||||||
gpg_err_set_errno (EPERM);
|
gpg_err_set_errno (EPERM);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
*r_fp = iobuf_create (tmpfname);
|
*r_fp = iobuf_create (tmpfname, 1);
|
||||||
umask(oldmask);
|
umask(oldmask);
|
||||||
if (!*r_fp)
|
if (!*r_fp)
|
||||||
{
|
{
|
||||||
@ -1513,7 +1515,7 @@ do_copy (int mode, const char *fname, KBNODE root,
|
|||||||
gpg_err_set_errno (EPERM);
|
gpg_err_set_errno (EPERM);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
newfp = iobuf_create (fname);
|
newfp = iobuf_create (fname, 1);
|
||||||
umask(oldmask);
|
umask(oldmask);
|
||||||
if( !newfp )
|
if( !newfp )
|
||||||
{
|
{
|
||||||
|
@ -270,7 +270,8 @@ int save_unprotected_key_to_card (PKT_public_key *sk, int keyno);
|
|||||||
int overwrite_filep( const char *fname );
|
int overwrite_filep( const char *fname );
|
||||||
char *make_outfile_name( const char *iname );
|
char *make_outfile_name( const char *iname );
|
||||||
char *ask_outfile_name( const char *name, size_t namelen );
|
char *ask_outfile_name( const char *name, size_t namelen );
|
||||||
int open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a);
|
int open_outfile (int inp_fd, const char *iname, int mode,
|
||||||
|
int restrictedperm, iobuf_t *a);
|
||||||
iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx );
|
iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx );
|
||||||
void try_make_homedir( const char *fname );
|
void try_make_homedir( const char *fname );
|
||||||
|
|
||||||
|
@ -177,10 +177,12 @@ ask_outfile_name( const char *name, size_t namelen )
|
|||||||
*
|
*
|
||||||
* If INP_FD is not -1 the function simply creates an IOBUF for that
|
* If INP_FD is not -1 the function simply creates an IOBUF for that
|
||||||
* file descriptor and ignorea INAME and MODE. Note that INP_FD won't
|
* file descriptor and ignorea INAME and MODE. Note that INP_FD won't
|
||||||
* be closed if the returned IOBUF is closed.
|
* be closed if the returned IOBUF is closed. With RESTRICTEDPERM a
|
||||||
|
* file will be created with mode 700 if possible.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
|
open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
|
||||||
|
iobuf_t *a)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
@ -204,7 +206,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
|
|||||||
}
|
}
|
||||||
else if (iobuf_is_pipe_filename (iname) && !opt.outfile)
|
else if (iobuf_is_pipe_filename (iname) && !opt.outfile)
|
||||||
{
|
{
|
||||||
*a = iobuf_create(NULL);
|
*a = iobuf_create (NULL, 0);
|
||||||
if ( !*a )
|
if ( !*a )
|
||||||
{
|
{
|
||||||
rc = gpg_error_from_syserror ();
|
rc = gpg_error_from_syserror ();
|
||||||
@ -284,7 +286,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
|
|||||||
gpg_err_set_errno (EPERM);
|
gpg_err_set_errno (EPERM);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
*a = iobuf_create (name);
|
*a = iobuf_create (name, restrictedperm);
|
||||||
if (!*a)
|
if (!*a)
|
||||||
{
|
{
|
||||||
rc = gpg_error_from_syserror ();
|
rc = gpg_error_from_syserror ();
|
||||||
|
@ -328,7 +328,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
|
|||||||
if( !opt.armor )
|
if( !opt.armor )
|
||||||
tty_printf(_("ASCII armored output forced.\n"));
|
tty_printf(_("ASCII armored output forced.\n"));
|
||||||
|
|
||||||
if( (rc = open_outfile (-1, NULL, 0, &out )) )
|
if( (rc = open_outfile (-1, NULL, 0, 1, &out )) )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
afx->what = 1;
|
afx->what = 1;
|
||||||
@ -518,7 +518,7 @@ gen_revoke (const char *uname)
|
|||||||
if (!opt.armor)
|
if (!opt.armor)
|
||||||
tty_printf (_("ASCII armored output forced.\n"));
|
tty_printf (_("ASCII armored output forced.\n"));
|
||||||
|
|
||||||
if ((rc = open_outfile (-1, NULL, 0, &out )))
|
if ((rc = open_outfile (-1, NULL, 0, 1, &out )))
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
afx->what = 1;
|
afx->what = 1;
|
||||||
|
10
g10/sign.c
10
g10/sign.c
@ -871,7 +871,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
|
|||||||
gpg_err_set_errno (EPERM);
|
gpg_err_set_errno (EPERM);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
out = iobuf_create( outfile );
|
out = iobuf_create (outfile, 0);
|
||||||
if( !out )
|
if( !out )
|
||||||
{
|
{
|
||||||
rc = gpg_error_from_syserror ();
|
rc = gpg_error_from_syserror ();
|
||||||
@ -882,7 +882,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
|
|||||||
log_info(_("writing to '%s'\n"), outfile );
|
log_info(_("writing to '%s'\n"), outfile );
|
||||||
}
|
}
|
||||||
else if( (rc = open_outfile (-1, fname,
|
else if( (rc = open_outfile (-1, fname,
|
||||||
opt.armor? 1: detached? 2:0, &out )))
|
opt.armor? 1: detached? 2:0, 0, &out)))
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
/* prepare to calculate the MD over the input */
|
/* prepare to calculate the MD over the input */
|
||||||
@ -1188,7 +1188,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
|
|||||||
gpg_err_set_errno (EPERM);
|
gpg_err_set_errno (EPERM);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
out = iobuf_create( outfile );
|
out = iobuf_create (outfile, 0);
|
||||||
if( !out )
|
if( !out )
|
||||||
{
|
{
|
||||||
rc = gpg_error_from_syserror ();
|
rc = gpg_error_from_syserror ();
|
||||||
@ -1198,7 +1198,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
|
|||||||
else if( opt.verbose )
|
else if( opt.verbose )
|
||||||
log_info(_("writing to '%s'\n"), outfile );
|
log_info(_("writing to '%s'\n"), outfile );
|
||||||
}
|
}
|
||||||
else if( (rc = open_outfile (-1, fname, 1, &out )) )
|
else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
|
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
|
||||||
@ -1366,7 +1366,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
|
|||||||
cfx.dek->use_mdc=1;
|
cfx.dek->use_mdc=1;
|
||||||
|
|
||||||
/* now create the outfile */
|
/* now create the outfile */
|
||||||
rc = open_outfile (-1, fname, opt.armor? 1:0, &out);
|
rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
|
||||||
if (rc)
|
if (rc)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
|