Diffstat (limited to 'src')
-rw-r--r-- | src/common/crypto.c | 1 | ||||
-rw-r--r-- | src/common/util.c | 4 | ||||
-rw-r--r-- | src/tools/tor-gencert.c | 28 |
3 files changed, 26 insertions, 7 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index d4059e0d75..bcb8a375a8 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -566,7 +566,6 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
   s = tor_malloc(len+1);
   memcpy(s, cp, len);
   s[len]='\0';
-  /* XXXX020 make this file get created with mode 600. */
   r = write_str_to_file(fname, s, 0);
   BIO_free(bio);
   tor_free(s);
diff --git a/src/common/util.c b/src/common/util.c
index 74279cee7a..4c9370945d 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1371,7 +1371,9 @@ check_private_dir(const char *dirname, cpd_check_t check)
 /** Create a file named <b>fname</b> with the contents <b>str</b>. Overwrite
  * the previous <b>fname</b> if possible. Return 0 on success, -1 on failure.
  *
- * This function replaces the old file atomically, if possible.
+ * This function replaces the old file atomically, if possible. This
+ * function, and all other functions in util.c that create files, create them
+ * with mode 0600.
  */
 int
 write_str_to_file(const char *fname, const char *str, int bin)
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index e4bc01df73..c879c9760c 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -9,6 +9,8 @@
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -149,6 +151,7 @@ load_identity_key(void)
   FILE *f;
   if (make_new_id) {
+    int fd;
     RSA *key;
     if (status != FN_NOENT) {
       log_err(LD_GENERAL, "--create-identity-key was specified, but %s "
@@ -168,8 +171,15 @@ load_identity_key(void)
     return 1;
   }
-  if (!(f = fopen(identity_key_file, "w"))) {
-    log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
+  if ((fd = open(identity_key_file, O_CREAT|O_EXCL|O_WRONLY, 0400))<0) {
+    log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s",
+            identity_key_file, strerror(errno));
+    return 1;
+  }
+
+  if (!(f = fdopen(fd, "w"))) {
+    close(fd);
+    log_err(LD_GENERAL, "Couldn't fdopen %s for writing: %s",
             identity_key_file, strerror(errno));
     return 1;
   }
@@ -214,6 +224,7 @@ load_identity_key(void)
 static int
 generate_signing_key(void)
 {
+  int fd;
   FILE *f;
   RSA *key;
   log_notice(LD_GENERAL, "Generating %d-bit RSA signing key.",
@@ -229,8 +240,15 @@ generate_signing_key(void)
     return 1;
   }
-  if (!(f = fopen(signing_key_file, "w"))) {
-    log_err(LD_GENERAL, "Couldn't open %s for reading: %s",
+  if ((fd = open(signing_key_file, O_CREAT|O_EXCL|O_WRONLY, 0600))<0) {
+    log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
+            signing_key_file, strerror(errno));
+    return 1;
+  }
+
+  if (!(f = fdopen(fd, "w"))) {
+    close(fd);
+    log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
             signing_key_file, strerror(errno));
     return 1;
   }
@@ -358,7 +376,7 @@ main(int argc, char **argv)
     goto done;
   }
   /* Make sure that files are made private. */
-  umask(0700);
+  umask(0077);
   if (parse_commandline(argc, argv))
     goto done;
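Review bot: The first error path of the new identity-key block logs `Couldn't fdopen %s for writing` even though it is open(), not fdopen(), that failed, so an EEXIST or EACCES will point whoever reads the log at the wrong call; that line should read `log_err(LD_GENERAL, "Couldn't open %s for writing: %s",` as the matching block in generate_signing_key does. The O_CREAT|O_EXCL open is the right replacement for fopen("w"), since it cannot follow a symlink or truncate a file that appeared between the earlier FN_NOENT check and the write, and 0400 plus the umask keeps the identity key owner-read-only. One gap remains: if fdopen() fails the exclusively created, empty file is left on disk, so a rerun is refused by the status != FN_NOENT check until it is deleted by hand; adding `unlink(identity_key_file);` next to `close(fd);` in that branch avoids it. The body of load_identity_key continues outside the hunk.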
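Review bot: In generate_signing_key the fdopen() failure branch closes fd but leaves the empty signing_key_file that the O_CREAT|O_EXCL open just created, so the next invocation fails with EEXIST until an operator removes the stray file; `close(fd); unlink(signing_key_file);` would leave no half-made key behind. The new open() also returns 1 without releasing the RSA key that, judging by the log_notice in the previous hunk, has presumably already been generated by this point; that leak predates the patch and the tool exits anyway, but a goto-based cleanup would be tidier if the function is touched again. The signing key is created 0600 while the identity key above is created 0400, which is presumably deliberate since the signing key is meant to be rotated, but a one-line comment saying so would stop the asymmetry from being "fixed" later. The rest of generate_signing_key lies outside the hunk.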