Diffstat (limited to 'src')
-rw-r--r--src/common/crypto.c1
-rw-r--r--src/common/util.c4
-rw-r--r--src/tools/tor-gencert.c28
3 files changed, 26 insertions, 7 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index d4059e0d75..bcb8a375a8 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -566,7 +566,6 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
s = tor_malloc(len+1);
memcpy(s, cp, len);
s[len]='\0';
- /* XXXX020 make this file get created with mode 600. */
r = write_str_to_file(fname, s, 0);
BIO_free(bio);
tor_free(s);
diff --git a/src/common/util.c b/src/common/util.c
index 74279cee7a..4c9370945d 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1371,7 +1371,9 @@ check_private_dir(const char *dirname, cpd_check_t check)
/** Create a file named <b>fname</b> with the contents <b>str</b>. Overwrite
* the previous <b>fname</b> if possible. Return 0 on success, -1 on failure.
*
- * This function replaces the old file atomically, if possible.
+ * This function replaces the old file atomically, if possible. This
+ * function, and all other functions in util.c that create files, create them
+ * with mode 0600.
*/
int
write_str_to_file(const char *fname, const char *str, int bin)
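Review bot: The new sentence promises mode 0600 for every file-creating function in util.c, but nothing in this hunk shows the `open()` call that enforces it, and the crypto.c hunk drops its TODO for the private-key file on the strength of this comment alone. The wording should be narrowed to what the code does, for example `Files are created by requesting mode 0600 from open(); the process umask can only restrict this further.` If replacing an existing file keeps that file's old permissions (not visible here, since the body of write_str_to_file is outside the hunk), the comment should say so, because a previously world-readable key file would then stay world-readable.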
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index e4bc01df73..c879c9760c 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -9,6 +9,8 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -149,6 +151,7 @@ load_identity_key(void)
FILE *f;
if (make_new_id) {
+ int fd;
RSA *key;
if (status != FN_NOENT) {
log_err(LD_GENERAL, "--create-identity-key was specified, but %s "
@@ -168,8 +171,15 @@ load_identity_key(void)
return 1;
}
- if (!(f = fopen(identity_key_file, "w"))) {
- log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
+ if ((fd = open(identity_key_file, O_CREAT|O_EXCL|O_WRONLY, 0400))<0) {
+ log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s",
+ identity_key_file, strerror(errno));
+ return 1;
+ }
+
+ if (!(f = fdopen(fd, "w"))) {
+ close(fd);
+ log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s",
identity_key_file, strerror(errno));
return 1;
}
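Review bot: The first added `log_err` says "Couldn't fdopen" although the call that failed is `open()`, so an `EEXIST` from the `O_EXCL` create is reported against the wrong function; it should read `"Couldn't open %s for writing: %s"`. In the `fdopen` branch, `close(fd)` runs before `strerror(errno)` is evaluated and may overwrite `errno`; either log first and close afterwards, or save it with `int saved_errno = errno;` before `close(fd)`. The same close-before-log ordering is in the generate_signing_key hunk, where the `fdopen` failure is also logged as "Couldn't open". The `fdopen` failure path leaves the newly created empty key file on disk, which a later `O_EXCL` create would trip over, so an `unlink(identity_key_file);` after the close seems appropriate. load_identity_key begins and ends outside this hunk.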
@@ -214,6 +224,7 @@ load_identity_key(void)
static int
generate_signing_key(void)
{
+ int fd;
FILE *f;
RSA *key;
log_notice(LD_GENERAL, "Generating %d-bit RSA signing key.",
@@ -229,8 +240,15 @@ generate_signing_key(void)
return 1;
}
- if (!(f = fopen(signing_key_file, "w"))) {
- log_err(LD_GENERAL, "Couldn't open %s for reading: %s",
+ if ((fd = open(signing_key_file, O_CREAT|O_EXCL|O_WRONLY, 0600))<0) {
+ log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
+ signing_key_file, strerror(errno));
+ return 1;
+ }
+
+ if (!(f = fdopen(fd, "w"))) {
+ close(fd);
+ log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
signing_key_file, strerror(errno));
return 1;
}
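Review bot: `O_EXCL` changes behaviour for the signing key: the old `fopen(signing_key_file, "w")` truncated an existing file, whereas this `open()` fails with `EEXIST` when one is already present. If regenerating a signing key over an old one is a supported use of the tool (the hunk does not show whether the caller checks first), that case needs explicit handling or a log message that tells the operator to move the old key aside. The mode also differs from the identity key (0600 here, 0400 there) with no explanation; a comment such as `/* Signing keys are replaced periodically, so keep them owner-writable. */` would record the intent, if that is the intent. generate_signing_key continues outside the hunk.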
@@ -358,7 +376,7 @@ main(int argc, char **argv)
goto done;
}
/* Make sure that files are made private. */
- umask(0700);
+ umask(0077);
if (parse_commandline(argc, argv))
goto done;
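Review bot: Key files written by builds that still had `umask(0700)` are not addressed here. That mask cleared the owner bits and left group/other untouched, so a key created through the old `fopen(..., "w")` path may be on disk with group or other access. Since the load path already stats the file (a `status` value is tested in load_identity_key), it would be worth warning there when `st_mode & 077` is non-zero, though that code is outside this hunk. The comment above the call could also be made precise: `/* Clear all group/other permission bits on files we create. */`.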