mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
* export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow
secret key export. * import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise
This commit is contained in:
Werner Koch
parent
8f70a693ac
commit
f294ce2d8b
3 changed files with 23 additions and 0 deletions
11
g10/import.c
11
g10/import.c
|
|
@ -1055,6 +1055,17 @@ import_secret_one( const char *fname, KBNODE keyblock,
|
|||
return 0;
|
||||
}
|
||||
|
||||
#ifdef ENABLE_SELINUX_HACKS
|
||||
if (1)
|
||||
{
|
||||
/* We don't allow to import secret keys because that may be used
|
||||
to put a secret key into the keyring and the user might later
|
||||
be tricked into signing stuff with that key. */
|
||||
log_error (_("importing secret keys not allowed\n"));
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
clear_kbnode_flags( keyblock );
|
||||
|
||||
/* do we have this key already in one of our secrings ? */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue