From f294ce2d8bf0d674397475777b4ac7f02787a5fb Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 14 Oct 2004 10:48:15 +0000
Subject: * export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow secret key export. * import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise
---
 g10/ChangeLog | 4 ++++
 g10/export.c | 8 ++++++++
 g10/import.c | 11 +++++++++++
 3 files changed, 23 insertions(+)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 7d7b64370..bbae614c6 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,9 @@
 2004-10-14 Werner Koch
+ * export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow
+ secret key export.
+ * import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise
+
 * misc.c (is_secured_filename): New.
 * keydb.c (maybe_create_keyring)
 * tdbio.c (tdbio_set_dbname)
diff --git a/g10/export.c b/g10/export.c
index 9ac12e111..1227b1f58 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -171,6 +171,14 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
 do this we need an extra flag to enable this feature so */
 }
+#ifdef ENABLE_SELINUX_HACKS
+ if (secret) {
+ log_error (_("exporting secret keys not allowed\n"));
+ rc = G10ERR_GENERAL;
+ goto leave;
+ }
+#endif
+
 while (!(rc = keydb_search2 (kdbhd, desc, ndesc, &descindex))) {
 int sha1_warned=0,skip_until_subkey=0;
 u32 sk_keyid[2];
diff --git a/g10/import.c b/g10/import.c
index 9586ba314..dc7ef5b9a 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1055,6 +1055,17 @@ import_secret_one( const char *fname, KBNODE keyblock,
 return 0;
 }
+#ifdef ENABLE_SELINUX_HACKS
+ if (1)
+ {
+ /* We don't allow to import secret keys because that may be used
+ to put a secret key into the keyring and the user might later
+ be tricked into signing stuff with that key. */
+ log_error (_("importing secret keys not allowed\n"));
+ return 0;
+ }
+#endif
+
 clear_kbnode_flags( keyblock );
 /* do we have this key already in one of our secrings ? */
-- cgit v1.2.3
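Review bot: The new guard in do_export_stream (g10/export.c) has no comment stating why secret export is refused under ENABLE_SELINUX_HACKS, while the matching guard in import.c documents its reason; add one, e.g. `/* Policy under ENABLE_SELINUX_HACKS: never write secret key material to the export stream. */`. The refusal is reported as `rc = G10ERR_GENERAL;`, so a caller cannot tell a policy denial from any other failure; if the error table has a more specific code, it would be the better choice here. The check also sits after the setup code that precedes the hunk, which is not visible, so confirm that nothing has been written to `out` before `goto leave` is reached.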
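Review bot: The refusal in import_secret_one (g10/import.c) ends with `return 0;`, so the caller gets the same return value for a key rejected by policy as for the earlier skip shown in the context, and the denial is visible only through log_error. Confirm that the process exit status and the import statistics still reflect the rejection, since a script driving gpg may otherwise treat the import as done. The `if (1)` wrapper presumably exists to keep compilers from flagging the rest of the function as unreachable; say so in the block, e.g. `/* if (1) avoids unreachable-code warnings for the code below. */`. The function body starts and ends outside the hunk.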