소스 검색

r13191@catbus: nickm | 2007-06-03 19:38:18 -0400
Set umask(0700) when starting tor-gencert; resolves bug 445.


svn:r10475

Nick Mathewson 18 년 전
부모
커밋
cb0324c400
3개의 변경된 파일8개의 추가작업 그리고 0개의 파일을 삭제
  1. 1 0
      ChangeLog
  2. 1 0
      src/common/crypto.c
  3. 6 0
      src/tools/tor-gencert.c

+ 1 - 0
ChangeLog

@@ -3,6 +3,7 @@ Changes in version 0.2.0.3-alpha - 2007-??-??
     - Create listener connections before we setuid to the configured User and
       Group.  This way, you can choose port values under 1024, start Tor as
       root, and have Tor bind those ports before it changes to another UID.
+    - tor-gencert creates all files visible to the file creator only.
 
   o Minor bugfixes (dns):
     - Fix a crash when DNSPort is set more than once. (Patch from Robert

+ 1 - 0
src/common/crypto.c

@@ -566,6 +566,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
   s = tor_malloc(len+1);
   memcpy(s, cp, len);
   s[len]='\0';
+  /* XXXX020 make this file get created with mode 600. */
   r = write_str_to_file(fname, s, 0);
   BIO_free(bio);
   tor_free(s);

+ 6 - 0
src/tools/tor-gencert.c

@@ -7,6 +7,9 @@
 #include <stdio.h>
 #include <string.h>
 
+#include <sys/types.h>
+#include <sys/stat.h>
+
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/objects.h>
@@ -354,6 +357,9 @@ main(int argc, char **argv)
     fprintf(stderr, "Couldn't seed RNG.\n");
     goto done;
   }
+  /* Make sure that files are made private. */
+  umask(0700);
+
   if (parse_commandline(argc, argv))
     goto done;
   if (load_identity_key())