diff options
| author | Nick Mathewson <nickm@torproject.org> | 2007-06-04 15:30:40 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2007-06-04 15:30:40 +0000 |
| commit | 6faa9e26414abde4832ec88c347435565c751e0b (patch) | |
| tree | 7b29c0f45deb534b8178879faa204047c45e6607 /src | |
| parent | 97cc48f904806157ce47fa524b4247d03d55e769 (diff) | |
| download | tor-6faa9e26414abde4832ec88c347435565c751e0b.tar.gz tor-6faa9e26414abde4832ec88c347435565c751e0b.zip | |
r13239@catbus: nickm | 2007-06-04 11:30:37 -0400
Fix the fix for bug 445: set umask properly. Also use open+fdopen rather than just umask+fopen, and create authority identity key with mode 400.
svn:r10485
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/crypto.c | 1 | ||||
| -rw-r--r-- | src/common/util.c | 4 | ||||
| -rw-r--r-- | src/tools/tor-gencert.c | 28 |
3 files changed, 26 insertions, 7 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index d4059e0d75..bcb8a375a8 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -566,7 +566,6 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env, s = tor_malloc(len+1); memcpy(s, cp, len); s[len]='\0'; - /* XXXX020 make this file get created with mode 600. */ r = write_str_to_file(fname, s, 0); BIO_free(bio); tor_free(s); diff --git a/src/common/util.c b/src/common/util.c index 74279cee7a..4c9370945d 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1371,7 +1371,9 @@ check_private_dir(const char *dirname, cpd_check_t check) /** Create a file named <b>fname</b> with the contents <b>str</b>. Overwrite * the previous <b>fname</b> if possible. Return 0 on success, -1 on failure. * - * This function replaces the old file atomically, if possible. + * This function replaces the old file atomically, if possible. This + * function, and all other functions in util.c that create files, create them + * with mode 0600. */ int write_str_to_file(const char *fname, const char *str, int bin) diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index e4bc01df73..c879c9760c 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -9,6 +9,8 @@ #include <sys/types.h> #include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> #include <openssl/evp.h> #include <openssl/pem.h> @@ -149,6 +151,7 @@ load_identity_key(void) FILE *f; if (make_new_id) { + int fd; RSA *key; if (status != FN_NOENT) { log_err(LD_GENERAL, "--create-identity-key was specified, but %s " @@ -168,8 +171,15 @@ load_identity_key(void) return 1; } - if (!(f = fopen(identity_key_file, "w"))) { - log_err(LD_GENERAL, "Couldn't open %s for writing: %s", + if ((fd = open(identity_key_file, O_CREAT|O_EXCL|O_WRONLY, 0400))<0) { + log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s", + identity_key_file, strerror(errno)); + return 1; + } + + if (!(f = fdopen(fd, "w"))) { + close(fd); + log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s", identity_key_file, strerror(errno)); return 1; } @@ -214,6 +224,7 @@ load_identity_key(void) static int generate_signing_key(void) { + int fd; FILE *f; RSA *key; log_notice(LD_GENERAL, "Generating %d-bit RSA signing key.", @@ -229,8 +240,15 @@ generate_signing_key(void) return 1; } - if (!(f = fopen(signing_key_file, "w"))) { - log_err(LD_GENERAL, "Couldn't open %s for reading: %s", + if ((fd = open(signing_key_file, O_CREAT|O_EXCL|O_WRONLY, 0600))<0) { + log_err(LD_GENERAL, "Couldn't open %s for writing: %s", + signing_key_file, strerror(errno)); + return 1; + } + + if (!(f = fdopen(fd, "w"))) { + close(fd); + log_err(LD_GENERAL, "Couldn't open %s for writing: %s", signing_key_file, strerror(errno)); return 1; } @@ -358,7 +376,7 @@ main(int argc, char **argv) goto done; } /* Make sure that files are made private. */ - umask(0700); + umask(0077); if (parse_commandline(argc, argv)) goto done; |