author | Werner Koch <[email protected]> | 2014-06-25 18:25:28 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2014-06-30 07:12:48 +0000 |
commit | c434de4d83ccfaca8bde51de5c2ac8d9656e4e18 (patch) | |
tree | 07987f47300ad446063273961acf0437af24a2d2 /common/iobuf.c | |
parent | common: Minor code cleanup for a legacy OS. (diff) | |
gpg: Create exported secret files and revocs with mode 700.
* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--
GnuPG-bug-id: 1653.
Note that this works only if --output has been used.
Diffstat (limited to '')
-rw-r--r-- | common/iobuf.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/common/iobuf.c b/common/iobuf.c
index d6862105f..3c68ce59c 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -248,7 +248,7 @@ fd_cache_synchronize (const char *fname)
 static gnupg_fd_t
-direct_open (const char *fname, const char *mode)
+direct_open (const char *fname, const char *mode, int mode700)
 {
 #ifdef HAVE_W32_SYSTEM
 unsigned long da, cd, sm;
@@ -303,7 +303,10 @@ direct_open (const char *fname, const char *mode)
 #else /*!HAVE_W32_SYSTEM*/
 int oflag;
- int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
+ int cflag = S_IRUSR | S_IWUSR;
+
+ if (!mode700)
+ cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
 /* Note, that we do not handle all mode combinations */
 if (strchr (mode, '+'))
@@ -420,7 +423,7 @@ fd_cache_open (const char *fname, const char *mode)
 }
 if (DBG_IOBUF)
 log_debug ("fd_cache_open (%s) not cached\n", fname);
- return direct_open (fname, mode);
+ return direct_open (fname, mode, 0);
 }
@@ -1425,10 +1428,11 @@ iobuf_sockopen (int fd, const char *mode)
 }
 /****************
- * create an iobuf for writing to a file; the file will be created.
+ * Create an iobuf for writing to a file; the file will be created.
+ * With MODE700 set the file is created with that mode (Unix only).
 */
 iobuf_t
-iobuf_create (const char *fname)
+iobuf_create (const char *fname, int mode700)
 {
 iobuf_t a;
 gnupg_fd_t fp;
@@ -1445,7 +1449,7 @@ iobuf_create (const char *fname)
 }
 else if ((fd = check_special_filename (fname)) != -1)
 return iobuf_fdopen (translate_file_handle (fd, 1), "wb");
- else if ((fp = direct_open (fname, "wb")) == GNUPG_INVALID_FD)
+ else if ((fp = direct_open (fname, "wb", mode700)) == GNUPG_INVALID_FD)
 return NULL;
 a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
 fcx = xmalloc (sizeof *fcx + strlen (fname));
@@ -1476,7 +1480,7 @@ iobuf_openrw (const char *fname)
 if (!fname)
 return NULL;
- else if ((fp = direct_open (fname, "r+b")) == GNUPG_INVALID_FD)
+ else if ((fp = direct_open (fname, "r+b", 0)) == GNUPG_INVALID_FD)
 return NULL;
 a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
 fcx = xmalloc (sizeof *fcx + strlen (fname));
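Review bot: The new `mode700` parameter on `direct_open` has no comment at its definition; the only description this commit adds lives on `iobuf_create` much further down, and `direct_open` is a static helper a reader meets first. The `#ifdef HAVE_W32_SYSTEM` branch that begins in this hunk continues outside it, so whether that path does anything with the flag cannot be seen here; the later comment calls the feature Unix only. Suggest a line above the definition such as `/* MODE700: if set, create FNAME without group/other permission bits (Unix only). */`.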
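Review bot: The restricted `cflag` only takes effect when the open actually creates the file, so if `fname` already exists with group/other permission bits the exported secret material is written into it with those bits untouched; the new code in this hunk changes only the creation mode and adds no check or correction for a pre-existing file. The open call and the rest of the Unix branch are outside the hunk, so this is inferred from what is visible. A defensive option is to apply the owner-only mode explicitly after a successful open when `mode700` is set, e.g. `if (mode700 && fchmod (fd, S_IRUSR | S_IWUSR))` followed by the function's usual error path, or alternatively to document at the `if (!mode700)` line that callers must not rely on this for files that already exist.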
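Review bot: The added doc line `* With MODE700 set the file is created with that mode (Unix only).` does not match what the code sets: the `cflag` computed in `direct_open` for this flag is `S_IRUSR | S_IWUSR`, i.e. 0600, with no execute bit, so both the comment and the parameter name overstate the mode. Since callers will read this comment rather than `direct_open`, suggest `* With MODE700 set the file is created without group/other permission bits (0600; Unix only).`. The body of `iobuf_create` continues past the end of this hunk.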