* export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow

secret key export. * import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise
author: Werner Koch <wk@gnupg.org> 2004-10-14 12:48:15 +0200
committer: Werner Koch <wk@gnupg.org> 2004-10-14 12:48:15 +0200
commit: f294ce2d8bf0d674397475777b4ac7f02787a5fb (patch)
tree: 756e35b5e56c9d99eee25b6476f34d3666733aa5 /g10/import.c
parent: * rndunix.c (start_gatherer) [ENABLE_SELINUX_HACKS]: Don't allow (diff)
download: gnupg2-f294ce2d8bf0d674397475777b4ac7f02787a5fb.tar.xz
gnupg2-f294ce2d8bf0d674397475777b4ac7f02787a5fb.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/g10/import.c b/g10/import.c
index 9586ba314..dc7ef5b9a 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1055,6 +1055,17 @@ import_secret_one( const char *fname, KBNODE keyblock,
 	return 0;
       }
 
+#ifdef ENABLE_SELINUX_HACKS
+    if (1)
+      {
+        /* We don't allow to import secret keys because that may be used
+           to put a secret key into the keyring and the user might later
+           be tricked into signing stuff with that key.  */
+        log_error (_("importing secret keys not allowed\n"));
+        return 0;
+      }
+#endif 
+    
     clear_kbnode_flags( keyblock );
 
     /* do we have this key already in one of our secrings ? */
author	Werner Koch <wk@gnupg.org>	2004-10-14 12:48:15 +0200
committer	Werner Koch <wk@gnupg.org>	2004-10-14 12:48:15 +0200
commit	f294ce2d8bf0d674397475777b4ac7f02787a5fb (patch)
tree	756e35b5e56c9d99eee25b6476f34d3666733aa5 /g10/import.c
parent	* rndunix.c (start_gatherer) [ENABLE_SELINUX_HACKS]: Don't allow (diff)
download	gnupg2-f294ce2d8bf0d674397475777b4ac7f02787a5fb.tar.xz gnupg2-f294ce2d8bf0d674397475777b4ac7f02787a5fb.zip