authorNick Mathewson <nickm@torproject.org>2007-06-04 15:30:40 +0000
committerNick Mathewson <nickm@torproject.org>2007-06-04 15:30:40 +0000
commit6faa9e26414abde4832ec88c347435565c751e0b (patch)
tree7b29c0f45deb534b8178879faa204047c45e6607 /src/tools
parent97cc48f904806157ce47fa524b4247d03d55e769 (diff)
r13239@catbus: nickm | 2007-06-04 11:30:37 -0400
Fix the fix for bug 445: set umask properly. Also use open+fdopen rather than just umask+fopen, and create authority identity key with mode 400. svn:r10485
Diffstat (limited to 'src/tools')
-rw-r--r--src/tools/tor-gencert.c28
1 files changed, 23 insertions, 5 deletions
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index e4bc01df73..c879c9760c 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -9,6 +9,8 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -149,6 +151,7 @@ load_identity_key(void)
FILE *f;
if (make_new_id) {
+ int fd;
RSA *key;
if (status != FN_NOENT) {
log_err(LD_GENERAL, "--create-identity-key was specified, but %s "
@@ -168,8 +171,15 @@ load_identity_key(void)
return 1;
}
- if (!(f = fopen(identity_key_file, "w"))) {
- log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
+ if ((fd = open(identity_key_file, O_CREAT|O_EXCL|O_WRONLY, 0400))<0) {
+ log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s",
+ identity_key_file, strerror(errno));
+ return 1;
+ }
+
+ if (!(f = fdopen(fd, "w"))) {
+ close(fd);
+ log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s",
identity_key_file, strerror(errno));
return 1;
}
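Review bot: The log message for a failed `open()` on the identity key reads "Couldn't fdopen", which points an operator at the wrong call; it should be `"Couldn't open %s for writing: %s"`, as the signing-key hunk has it. In the `fdopen()` failure branch, `close(fd)` runs before `strerror(errno)` is evaluated, and close() may overwrite errno, so the logged reason can be wrong. Saving it first (`int saved_errno = errno; close(fd);`) and logging `strerror(saved_errno)` keeps the real cause. The generate_signing_key hunk has the same close-before-log order, and its fdopen failure is logged as "Couldn't open". load_identity_key's body starts and ends outside this hunk.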
@@ -214,6 +224,7 @@ load_identity_key(void)
static int
generate_signing_key(void)
{
+ int fd;
FILE *f;
RSA *key;
log_notice(LD_GENERAL, "Generating %d-bit RSA signing key.",
@@ -229,8 +240,15 @@ generate_signing_key(void)
return 1;
}
- if (!(f = fopen(signing_key_file, "w"))) {
- log_err(LD_GENERAL, "Couldn't open %s for reading: %s",
+ if ((fd = open(signing_key_file, O_CREAT|O_EXCL|O_WRONLY, 0600))<0) {
+ log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
+ signing_key_file, strerror(errno));
+ return 1;
+ }
+
+ if (!(f = fdopen(fd, "w"))) {
+ close(fd);
+ log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
signing_key_file, strerror(errno));
return 1;
}
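Review bot: If `fdopen()` fails here, the empty file just created by `open(..., O_CREAT|O_EXCL|O_WRONLY, 0600)` stays on disk, and because of O_EXCL the next run fails with EEXIST until someone removes it by hand. Adding `unlink(signing_key_file);` after `close(fd);` in that branch would leave a clean state. The identity-key hunk above has the same shape with `identity_key_file`. Whether later write failures in this function remove the partial file cannot be seen from here, since generate_signing_key continues past the hunk.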
@@ -358,7 +376,7 @@ main(int argc, char **argv)
goto done;
}
/* Make sure that files are made private. */
- umask(0700);
+ umask(0077);
if (parse_commandline(argc, argv))
goto done;