From 8ed85ef3de9cdeee86e281a8b46be1bd49a36e7a Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 9 Sep 2020 20:33:06 +0200
Subject: agent: Keep some permissions of private-keys-v1.d.

* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--
GnuPG-bug-id: 2312
---
 agent/gpg-agent.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
(limited to 'agent')
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index bbad80074..f167c96db 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2273,10 +2273,20 @@ create_private_keys_directory (const char *home)
 fname, strerror (errno) );
 else if (!opt.quiet)
 log_info (_("directory '%s' created\n"), fname);
+
+ if (gnupg_chmod (fname, "-rwx"))
+ log_error (_("can't set permissions of '%s': %s\n"),
+ fname, strerror (errno));
+ }
+ else
+ {
+ /* The file exists or another error. Make sure we have sensible
+ * permissions. We enforce rwx for user but keep existing group
+ * permissions. Permissions for other are always cleared. */
+ if (gnupg_chmod (fname, "-rwx...---"))
+ log_error (_("can't set permissions of '%s': %s\n"),
+ fname, strerror (errno));
 }
- if (gnupg_chmod (fname, "-rwx"))
- log_error (_("can't set permissions of '%s': %s\n"),
- fname, strerror (errno));
 xfree (fname);
 }
-- 
cgit v1.2.3
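Review bot: The new `else` branch calls `gnupg_chmod (fname, "-rwx...---")` not only when the directory already exists but, as its own comment says, on "another error" as well, so a failed lookup ends in a second, misleading "can't set permissions" message, and as far as the hunk shows the mode is changed without confirming that the path is a directory. The branch condition lies outside the hunk, so whether `fname` can be NULL here cannot be seen; if it can, the chmod call and the `%s` argument need a guard such as `else if (fname)`. Because existing group bits are deliberately kept, a key directory that was group-writable stays group-writable, and I would state that in the comment, e.g. `Note that an existing group write bit is kept, so members of that group can still modify the key store.` In the first branch the chmod is also attempted after `gnupg_mkdir` has already failed, which logs two errors for one cause.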