* export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow

secret key export.
* import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise

3 files changed, 23 insertions, 0 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 7d7b64370..bbae614c6 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,9 @@
 2004-10-14  Werner Koch  <wk@g10code.com>
 
+	* export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow
+	secret key export.
+	* import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise 
+
 	* misc.c (is_secured_filename): New.
 	* keydb.c (maybe_create_keyring)
 	* tdbio.c (tdbio_set_dbname)
diff --git a/g10/export.c b/g10/export.c
index 9ac12e111..1227b1f58 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -171,6 +171,14 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
            do this we need an extra flag to enable this feature so */
     }
 
+#ifdef ENABLE_SELINUX_HACKS
+    if (secret) {
+        log_error (_("exporting secret keys not allowed\n"));
+        rc = G10ERR_GENERAL;
+        goto leave;
+    }
+#endif
+
     while (!(rc = keydb_search2 (kdbhd, desc, ndesc, &descindex))) {
         int sha1_warned=0,skip_until_subkey=0;
 	u32 sk_keyid[2];
diff --git a/g10/import.c b/g10/import.c
index 9586ba314..dc7ef5b9a 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1055,6 +1055,17 @@ import_secret_one( const char *fname, KBNODE keyblock,
 	return 0;
       }
 
+#ifdef ENABLE_SELINUX_HACKS
+    if (1)
+      {
+        /* We don't allow to import secret keys because that may be used
+           to put a secret key into the keyring and the user might later
+           be tricked into signing stuff with that key.  */
+        log_error (_("importing secret keys not allowed\n"));
+        return 0;
+      }
+#endif 
+    
     clear_kbnode_flags( keyblock );
 
     /* do we have this key already in one of our secrings ? */