diff options
| author | Nick Mathewson <nickm@torproject.org> | 2007-06-04 15:30:40 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2007-06-04 15:30:40 +0000 |
| commit | 6faa9e26414abde4832ec88c347435565c751e0b (patch) | |
| tree | 7b29c0f45deb534b8178879faa204047c45e6607 | |
| parent | 97cc48f904806157ce47fa524b4247d03d55e769 (diff) | |
| download | tor-6faa9e26414abde4832ec88c347435565c751e0b.tar.gz tor-6faa9e26414abde4832ec88c347435565c751e0b.zip | |
r13239@catbus: nickm | 2007-06-04 11:30:37 -0400
Fix the fix for bug 445: set umask properly. Also use open+fdopen rather than just umask+fopen, and create authority identity key with mode 400.
svn:r10485
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | src/common/crypto.c | 1 | ||||
| -rw-r--r-- | src/common/util.c | 4 | ||||
| -rw-r--r-- | src/tools/tor-gencert.c | 28 |
4 files changed, 28 insertions, 8 deletions
@@ -3,7 +3,8 @@ Changes in version 0.2.0.3-alpha - 2007-??-?? - Create listener connections before we setuid to the configured User and Group. This way, you can choose port values under 1024, start Tor as root, and have Tor bind those ports before it changes to another UID. - - tor-gencert creates all files visible to the file creator only. + - tor-gencert creates all files as readable to the file creator only, and + write-protects the authority identity key. o Minor bugfixes (dns): - Fix a crash when DNSPort is set more than once. (Patch from Robert diff --git a/src/common/crypto.c b/src/common/crypto.c index d4059e0d75..bcb8a375a8 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -566,7 +566,6 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env, s = tor_malloc(len+1); memcpy(s, cp, len); s[len]='\0'; - /* XXXX020 make this file get created with mode 600. */ r = write_str_to_file(fname, s, 0); BIO_free(bio); tor_free(s); diff --git a/src/common/util.c b/src/common/util.c index 74279cee7a..4c9370945d 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1371,7 +1371,9 @@ check_private_dir(const char *dirname, cpd_check_t check) /** Create a file named <b>fname</b> with the contents <b>str</b>. Overwrite * the previous <b>fname</b> if possible. Return 0 on success, -1 on failure. * - * This function replaces the old file atomically, if possible. + * This function replaces the old file atomically, if possible. This + * function, and all other functions in util.c that create files, create them + * with mode 0600. */ int write_str_to_file(const char *fname, const char *str, int bin) diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index e4bc01df73..c879c9760c 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -9,6 +9,8 @@ #include <sys/types.h> #include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> #include <openssl/evp.h> #include <openssl/pem.h> @@ -149,6 +151,7 @@ load_identity_key(void) FILE *f; if (make_new_id) { + int fd; RSA *key; if (status != FN_NOENT) { log_err(LD_GENERAL, "--create-identity-key was specified, but %s " @@ -168,8 +171,15 @@ load_identity_key(void) return 1; } - if (!(f = fopen(identity_key_file, "w"))) { - log_err(LD_GENERAL, "Couldn't open %s for writing: %s", + if ((fd = open(identity_key_file, O_CREAT|O_EXCL|O_WRONLY, 0400))<0) { + log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s", + identity_key_file, strerror(errno)); + return 1; + } + + if (!(f = fdopen(fd, "w"))) { + close(fd); + log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s", identity_key_file, strerror(errno)); return 1; } @@ -214,6 +224,7 @@ load_identity_key(void) static int generate_signing_key(void) { + int fd; FILE *f; RSA *key; log_notice(LD_GENERAL, "Generating %d-bit RSA signing key.", @@ -229,8 +240,15 @@ generate_signing_key(void) return 1; } - if (!(f = fopen(signing_key_file, "w"))) { - log_err(LD_GENERAL, "Couldn't open %s for reading: %s", + if ((fd = open(signing_key_file, O_CREAT|O_EXCL|O_WRONLY, 0600))<0) { + log_err(LD_GENERAL, "Couldn't open %s for writing: %s", + signing_key_file, strerror(errno)); + return 1; + } + + if (!(f = fdopen(fd, "w"))) { + close(fd); + log_err(LD_GENERAL, "Couldn't open %s for writing: %s", signing_key_file, strerror(errno)); return 1; } @@ -358,7 +376,7 @@ main(int argc, char **argv) goto done; } /* Make sure that files are made private. */ - umask(0700); + umask(0077); if (parse_commandline(argc, argv)) goto done; |