-rw-r--r-- | g10/ChangeLog | 13 | ||||
-rw-r--r-- | g10/keydb.c | 16 | ||||
-rw-r--r-- | g10/keyring.c | 42 | ||||
-rw-r--r-- | g10/openfile.c | 3 | ||||
-rw-r--r-- | g10/options.skel | 58 |
5 files changed, 71 insertions, 61 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index b240e9c18..6fd61f373 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,18 @@ 2002-08-08 David Shaw <[email protected]> + * options.skel: Some language tweaks, and remove the + load-extension section for random gatherers. + + * keyring.c (create_tmp_file, rename_tmp_file): Create tmp files + with user-only permissions, but restore the original permissions + if the user has something special set. + + * openfile.c (copy_options_file): Create new options file + (gpg.conf) with user-only permissions. + + * keydb.c (keydb_add_resource): Create new keyrings with user-only + permissions. + * tdbio.c (tdbio_set_dbname): Create new trustdbs with user-only permissions. diff --git a/g10/keydb.c b/g10/keydb.c index eb94ef363..d8dd83fe6 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -147,6 +147,7 @@ keydb_add_resource (const char *url, int force, int secret) case KEYDB_RESOURCE_TYPE_KEYRING: if (access(filename, F_OK)) { /* file does not exist */ + mode_t oldmask; char *last_slash_in_filename; if (!force) @@ -169,7 +170,9 @@ keydb_add_resource (const char *url, int force, int secret) } *last_slash_in_filename = DIRSEP_C; + oldmask=umask(077); iobuf = iobuf_create (filename); + umask(oldmask); if (!iobuf) { log_error ( _("error creating keyring `%s': %s\n"), @@ -178,19 +181,6 @@ keydb_add_resource (const char *url, int force, int secret) goto leave; } -#ifndef HAVE_DOSISH_SYSTEM - if (secret && !opt.preserve_permissions) - { - if (chmod (filename, S_IRUSR | S_IWUSR) ) - { - log_error (_("changing permission of " - " `%s' failed: %s\n"), - filename, strerror(errno) ); - rc = G10ERR_WRITE_FILE; - goto leave; - } - } -#endif if (!opt.quiet) log_info (_("keyring `%s' created\n"), filename); iobuf_close (iobuf); diff --git a/g10/keyring.c b/g10/keyring.c index f75a79dfe..b084aa8af 100644 --- a/g10/keyring.c +++ b/g10/keyring.c 
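Review bot: The `umask(077)` bracket around `iobuf_create (filename)` in keydb_add_resource only restricts the mode when the call actually creates the file; if the path already exists by then (the `access()` check earlier in this branch is a separate step), the existing mode is kept, and the `chmod` that used to tighten secret keyrings is removed in the following hunk. The same pattern is used in create_tmp_file and do_copy in keyring.c and around `fopen( fname, "w" )` in copy_options_file; in create_tmp_file the fixed `tmp` suffix makes a leftover file from an interrupted run plausible. How iobuf_create opens the file is not visible here, so this is worth confirming; if it reuses an existing file, a follow-up `chmod (filename, S_IRUSR | S_IWUSR)` under `#ifndef HAVE_DOSISH_SYSTEM` right after a successful create would close the gap. A short comment such as `/* umask is process-wide: restore it before any error path */` would also document why `umask(oldmask)` comes before the `if (!iobuf)` check. keydb_add_resource starts and ends outside these hunks.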
@@ -1132,6 +1132,7 @@ create_tmp_file (const char *template, char **r_bakfname, char **r_tmpfname, IOBUF *r_fp) { char *bakfname, *tmpfname; + mode_t oldmask; *r_bakfname = NULL; *r_tmpfname = NULL; @@ -1169,7 +1170,10 @@ create_tmp_file (const char *template, strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp"); # endif /* Posix filename */ + /* Create the temp file with limited access */ + oldmask=umask(077); *r_fp = iobuf_create (tmpfname); + umask(oldmask); if (!*r_fp) { log_error ("can't create `%s': %s\n", tmpfname, strerror(errno) ); m_free (tmpfname); @@ -1189,19 +1193,6 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, { int rc=0; - /* restrict the permissions for secret keyrings */ -#ifndef HAVE_DOSISH_SYSTEM - if (secret && !opt.preserve_permissions) - { - if (chmod (tmpfname, S_IRUSR | S_IWUSR) ) - { - log_error ("chmod of `%s' failed: %s\n", - tmpfname, strerror(errno) ); - return G10ERR_WRITE_FILE; - } - } -#endif - /* invalidate close caches*/ iobuf_ioctl (NULL, 2, 0, (char*)tmpfname ); iobuf_ioctl (NULL, 2, 0, (char*)bakfname ); @@ -1241,6 +1232,24 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, return rc; } + /* Now make sure the file has the same permissions as the original */ + +#ifndef HAVE_DOSISH_SYSTEM + { + struct stat statbuf; + + statbuf.st_mode=S_IRUSR | S_IWUSR; + + if(((secret && !opt.preserve_permissions) || + (stat(bakfname,&statbuf)==0)) && + (chmod(fname,statbuf.st_mode)==0)) + ; + else + log_error("WARNING: unable to restore permissions to `%s': %s", + fname,strerror(errno)); + } +#endif + return 0; } @@ -1430,8 +1439,11 @@ do_copy (int mode, const char *fname, KBNODE root, int secret, if (mode == 1 && !fp && errno == ENOENT) { /* insert mode but file does not exist: create a new file */ KBNODE kbctx, node; + mode_t oldmask; + oldmask=umask(077); newfp = iobuf_create (fname); + umask(oldmask); if( !newfp ) { log_error (_("%s: can't create: %s\n"), fname, strerror(errno)); 
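Review bot: The permission-restore block added at the end of rename_tmp_file passes `statbuf.st_mode` to `chmod` unmasked, so file-type bits and any setuid/setgid/sticky bits on the backup are handed through; `chmod(fname, statbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO))` keeps only the permission bits. The mode is read from `bakfname`, so if no backup exists for this keyring (whether one is written for secret keyrings is decided outside the hunk) the `stat` fails, no chmod is attempted, and the warning reports stat's errno as a failure to restore. That leaves the file at the mode it was created with, which is the safe outcome, but the message is misleading. The `log_error` format also lacks the trailing `\n` that the other messages in these hunks carry. rename_tmp_file begins outside the hunk.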
@@ -1453,10 +1465,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret, log_error ("%s: close failed: %s\n", fname, strerror(errno)); return G10ERR_CLOSE_FILE; } - if (chmod( fname, S_IRUSR | S_IWUSR )) { - log_error("%s: chmod failed: %s\n", fname, strerror(errno) ); - return G10ERR_WRITE_FILE; - } return 0; /* ready */ } diff --git a/g10/openfile.c b/g10/openfile.c index 083ec93bf..2b6bf9a21 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -289,6 +289,7 @@ copy_options_file( const char *destdir ) FILE *src, *dst; int linefeeds=0; int c; + mode_t oldmask; if( opt.dry_run ) return; @@ -302,7 +303,9 @@ copy_options_file( const char *destdir ) return; } strcpy(stpcpy(fname, destdir), DIRSEP_S "gpg" EXTSEP_S "conf" ); + oldmask=umask(077); dst = fopen( fname, "w" ); + umask(oldmask); if( !dst ) { log_error(_("%s: can't create: %s\n"), fname, strerror(errno) ); fclose( src ); diff --git a/g10/options.skel b/g10/options.skel index ff0eb4d80..79718783a 100644 --- a/g10/options.skel +++ b/g10/options.skel 
@@ -12,43 +12,45 @@ $Id$ # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # -# Unless you you specify which option file to use (with the -# command line option "--options filename"), GnuPG uses the -# file ~/.gnupg/gpg.conf by default. +# Unless you specify which option file to use (with the command line +# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf +# by default. # -# An option file can contain all long options which are -# available in GnuPG. If the first non white space character of -# a line is a '#', this line is ignored. Empty lines are also -# ignored. +# An options file can contain any long options which are available in +# GnuPG. If the first non white space character of a line is a '#', +# this line is ignored. Empty lines are also ignored. # # See the man page for a list of options. -# Uncomment the next line to get rid of the copyright notice +# Uncomment the following option to get rid of the copyright notice + #no-greeting -# If you have more than 1 secret key in your keyring, you may want -# to uncomment the following option and set your preferred keyid +# If you have more than 1 secret key in your keyring, you may want to +# uncomment the following option and set your preferred keyid. #default-key 621CC013 - -# If you do not pass a recipient to gpg, it will ask for one. -# Using this option you can encrypt to a default key. key validation -# will not be done in this case. -# The second form uses the default key as default recipient. +# If you do not pass a recipient to gpg, it will ask for one. Using +# this option you can encrypt to a default key. Key validation will +# not be done in this case. The second form uses the default key as +# default recipient. #default-recipient some-user-id #default-recipient-self # By default GnuPG creates version 3 signatures for data files. 
This -# is not OpenPGP compliant but PGP 6 requires them. To disable it, -# you may use this option or --openpgp. +# is not strictly OpenPGP compliant but PGP 6 and most versions of PGP +# 7 require them. To disable this behavior, you may use this option +# or --openpgp. + #no-force-v3-sigs # Because some mailers change lines starting with "From " to ">From " # it is good to handle such lines in a special way when creating # cleartext signatures; all other PGP versions do it this way too. # To enable full OpenPGP compliance you may want to use this option. + #no-escape-from-lines # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell @@ -67,21 +69,13 @@ $Id$ # "0x12345678". Note there is only one level of expansion - you # cannot make an group that points to another group. Note if there # are spaces in the recipient name, this will appear as two -# recipients. In this case, it is better to use the key ID. +# recipients. In these cases it is better to use the key ID. -# lock the file only once for the lifetime of a process. -# if you do not define this, the lock will be obtained and released -# every time it is needed - normally this is not needed. -lock-once +# Lock the file only once for the lifetime of a process. If you do +# not define this, the lock will be obtained and released every time +# it is needed - normally this is not needed. -# If you have configured GnuPG without a random gatherer -# (./configure --enable-static-rnd=none), you have to -# uncomment _one_ of the following lines. These -# extensions won't get used if you have a random gatherer -# compiled in (which is the default for GNU and xxxBSD systems) -#load-extension rndlinux -#load-extension rndunix -#load-extension rndegd +lock-once # GnuPG can send and receive keys to and from a keyserver. These # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP 
@@ -144,7 +138,9 @@ lock-once #keyserver-options auto-key-retrieve include-disabled include-revoked -# Uncomment this line to display photo user IDs in key listings +# Uncomment this line to display photo user IDs in key listings and +# when a signature from a key with a photo is verified. + #show-photos # Use this program to display photo user IDs |