Added SELInux hacks and did some cleanups.

author: Werner Koch <[email protected]> 2004-10-13 18:10:06 +0000
committer: Werner Koch <[email protected]> 2004-10-13 18:10:06 +0000
commit: 151ca81f1a5a03ae83d9c14ab7748a2d3c09919e (patch)
tree: 38cc8933051a1e45cd3e95cd8cc66746290f7e31 /g10/exec.c
parent: Add dearmor.c (diff)
download: gnupg-151ca81f1a5a03ae83d9c14ab7748a2d3c09919e.tar.gz
gnupg-151ca81f1a5a03ae83d9c14ab7748a2d3c09919e.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/g10/exec.c b/g10/exec.c
index 5c51b3f9f..e3a6933d9 100644
--- a/g10/exec.c
+++ b/g10/exec.c
@@ -478,6 +478,12 @@ int exec_write(struct exec_info **info,const char *program,
 
   /* It's not fork/exec/pipe, so create a temp file */
   (*info)->tochild=fopen((*info)->tempfile_in,binary?"wb":"w");
+  if((*info)->tochild && is_secured_file (fileno ((*info)->tochild)))
+    {
+      fclose ((*info)->tochild);
+      (*info)->tochild = NULL;
+      errno = EPERM;
+    }
   if((*info)->tochild==NULL)
     {
       log_error(_("can't create file `%s': %s\n"),
@@ -545,6 +551,13 @@ int exec_read(struct exec_info *info)
       if(!info->writeonly)
 	{
 	  info->fromchild=iobuf_open(info->tempfile_out);
+          if (info->fromchild
+              && is_secured_file (iobuf_get_fd (info->fromchild)))
+            {
+              iobuf_close (info->fromchild);
+              info->fromchild = NULL;
+              errno = EPERM;
+            }
 	  if(info->fromchild==NULL)
 	    {
 	      log_error(_("unable to read external program response: %s\n"),
author	Werner Koch <[email protected]>	2004-10-13 18:10:06 +0000
committer	Werner Koch <[email protected]>	2004-10-13 18:10:06 +0000
commit	151ca81f1a5a03ae83d9c14ab7748a2d3c09919e (patch)
tree	38cc8933051a1e45cd3e95cd8cc66746290f7e31 /g10/exec.c
parent	Add dearmor.c (diff)
download	gnupg-151ca81f1a5a03ae83d9c14ab7748a2d3c09919e.tar.gz gnupg-151ca81f1a5a03ae83d9c14ab7748a2d3c09919e.zip