agent: Sanitize permissions of the private key directory.

* agent/gpg-agent.c (create_private_keys_directory): Set permissions. * common/sysutils.c (modestr_to_mode): New function. (gnupg_mkdir): Use new function. (gnupg_chmod): New function. * common/sysutils.h (gnupg_chmod): New prototype. * tests/migrations/from-classic.test: Test migration with existing directory. GnuPG-bug-id: 2312 Signed-off-by: Justus Winter <justus@g10code.com>
2025-07-02 22:46:30 +02:00 · 2016-04-20 14:55:45 +02:00 · 2016-04-20 14:55:45 +02:00 · f8adf1a323
commit f8adf1a323
parent defbc70b4a
4 changed files with 69 additions and 24 deletions
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -1908,9 +1908,13 @@ create_private_keys_directory (const char *home)
      else if (!opt.quiet)
        log_info (_("directory '%s' created\n"), fname);
    }
+  if (gnupg_chmod (fname, "-rwx"))
+    log_error (_("can't set permissions of '%s': %s\n"),
+               fname, strerror (errno));
  xfree (fname);
 }

+
 /* Create the directory only if the supplied directory name is the
   same as the default one.  This way we avoid to create arbitrary
   directories when a non-default home directory is used.  To cope