r13191@catbus: nickm | 2007-06-03 19:38:18 -0400

 Set umask(0700) when starting tor-gencert; resolves bug 445.


svn:r10475

ChangeLog

@@ -3,6 +3,7 @@ Changes in version 0.2.0.3-alpha - 2007-??-??
     - Create listener connections before we setuid to the configured User and
       Group.  This way, you can choose port values under 1024, start Tor as
       root, and have Tor bind those ports before it changes to another UID.
+    - tor-gencert creates all files visible to the file creator only.
 
   o Minor bugfixes (dns):
     - Fix a crash when DNSPort is set more than once. (Patch from Robert

src/common/crypto.c

@@ -566,6 +566,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
   s = tor_malloc(len+1);
   memcpy(s, cp, len);
   s[len]='\0';
+  /* XXXX020 make this file get created with mode 600. */
   r = write_str_to_file(fname, s, 0);
   BIO_free(bio);
   tor_free(s);

src/tools/tor-gencert.c

@@ -7,6 +7,9 @@
 #include <stdio.h>
 #include <string.h>
 
+#include <sys/types.h>
+#include <sys/stat.h>
+
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/objects.h>
@@ -354,6 +357,9 @@ main(int argc, char **argv)
     fprintf(stderr, "Couldn't seed RNG.\n");
     goto done;
   }
+  /* Make sure that files are made private. */
+  umask(0700);
+
   if (parse_commandline(argc, argv))
     goto done;
   if (load_identity_key())