diff options
author | David Shaw <dshaw@jabberwocky.com> | 2002-08-09 04:23:42 +0200 |
---|---|---|
committer | David Shaw <dshaw@jabberwocky.com> | 2002-08-09 04:23:42 +0200 |
commit | 74a84ca93b9662b32475fd19af4ca41a96290d42 (patch) | |
tree | dbd137199de0a7cfbd91a7f48d6da9524465e572 /g10/keyring.c | |
parent | * Makefile.am, md.c (load_digest_module): Allow switching TIGER on and off (diff) | |
download | gnupg2-74a84ca93b9662b32475fd19af4ca41a96290d42.tar.xz gnupg2-74a84ca93b9662b32475fd19af4ca41a96290d42.zip |
* options.skel: Some language tweaks, and remove the load-extension
section for random gatherers.
* keyring.c (create_tmp_file, rename_tmp_file): Create tmp files with
user-only permissions, but restore the original permissions if the user
has something special set.
* openfile.c (copy_options_file): Create new options file (gpg.conf) with
user-only permissions.
* keydb.c (keydb_add_resource): Create new keyrings with user-only
permissions.
Diffstat (limited to 'g10/keyring.c')
-rw-r--r-- | g10/keyring.c | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/g10/keyring.c b/g10/keyring.c index f75a79dfe..b084aa8af 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -1132,6 +1132,7 @@ create_tmp_file (const char *template, char **r_bakfname, char **r_tmpfname, IOBUF *r_fp) { char *bakfname, *tmpfname; + mode_t oldmask; *r_bakfname = NULL; *r_tmpfname = NULL; @@ -1169,7 +1170,10 @@ create_tmp_file (const char *template, strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp"); # endif /* Posix filename */ + /* Create the temp file with limited access */ + oldmask=umask(077); *r_fp = iobuf_create (tmpfname); + umask(oldmask); if (!*r_fp) { log_error ("can't create `%s': %s\n", tmpfname, strerror(errno) ); m_free (tmpfname); @@ -1189,19 +1193,6 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, { int rc=0; - /* restrict the permissions for secret keyrings */ -#ifndef HAVE_DOSISH_SYSTEM - if (secret && !opt.preserve_permissions) - { - if (chmod (tmpfname, S_IRUSR | S_IWUSR) ) - { - log_error ("chmod of `%s' failed: %s\n", - tmpfname, strerror(errno) ); - return G10ERR_WRITE_FILE; - } - } -#endif - /* invalidate close caches*/ iobuf_ioctl (NULL, 2, 0, (char*)tmpfname ); iobuf_ioctl (NULL, 2, 0, (char*)bakfname ); @@ -1241,6 +1232,24 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, return rc; } + /* Now make sure the file has the same permissions as the original */ + +#ifndef HAVE_DOSISH_SYSTEM + { + struct stat statbuf; + + statbuf.st_mode=S_IRUSR | S_IWUSR; + + if(((secret && !opt.preserve_permissions) || + (stat(bakfname,&statbuf)==0)) && + (chmod(fname,statbuf.st_mode)==0)) + ; + else + log_error("WARNING: unable to restore permissions to `%s': %s", + fname,strerror(errno)); + } +#endif + return 0; } @@ -1430,8 +1439,11 @@ do_copy (int mode, const char *fname, KBNODE root, int secret, if (mode == 1 && !fp && errno == ENOENT) { /* insert mode but file does not exist: create a new file */ KBNODE kbctx, node; + mode_t oldmask; + oldmask=umask(077); newfp = iobuf_create (fname); + umask(oldmask); if( !newfp ) { log_error (_("%s: can't create: %s\n"), fname, strerror(errno)); @@ -1453,10 +1465,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret, log_error ("%s: close failed: %s\n", fname, strerror(errno)); return G10ERR_CLOSE_FILE; } - if (chmod( fname, S_IRUSR | S_IWUSR )) { - log_error("%s: chmod failed: %s\n", fname, strerror(errno) ); - return G10ERR_WRITE_FILE; - } return 0; /* ready */ } |