1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-11 21:48:50 +01:00

* export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow

secret key export.
* import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise
This commit is contained in:
Werner Koch 2004-10-14 10:48:15 +00:00
parent 8f70a693ac
commit f294ce2d8b
3 changed files with 23 additions and 0 deletions

View File

@ -1,5 +1,9 @@
2004-10-14 Werner Koch <wk@g10code.com>
* export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow
secret key export.
* import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise
* misc.c (is_secured_filename): New.
* keydb.c (maybe_create_keyring)
* tdbio.c (tdbio_set_dbname)

View File

@ -171,6 +171,14 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
do this we need an extra flag to enable this feature so */
}
#ifdef ENABLE_SELINUX_HACKS
if (secret) {
log_error (_("exporting secret keys not allowed\n"));
rc = G10ERR_GENERAL;
goto leave;
}
#endif
while (!(rc = keydb_search2 (kdbhd, desc, ndesc, &descindex))) {
int sha1_warned=0,skip_until_subkey=0;
u32 sk_keyid[2];

View File

@ -1055,6 +1055,17 @@ import_secret_one( const char *fname, KBNODE keyblock,
return 0;
}
#ifdef ENABLE_SELINUX_HACKS
if (1)
{
/* We don't allow to import secret keys because that may be used
to put a secret key into the keyring and the user might later
be tricked into signing stuff with that key. */
log_error (_("importing secret keys not allowed\n"));
return 0;
}
#endif
clear_kbnode_flags( keyblock );
/* do we have this key already in one of our secrings ? */