Diffstat (limited to '')
-rw-r--r-- | agent/ChangeLog | 12 | ||||
-rw-r--r-- | agent/command-ssh.c | 12 | ||||
-rw-r--r-- | agent/findkey.c | 3 | ||||
-rw-r--r-- | agent/gpg-agent.c | 2 | ||||
-rw-r--r-- | agent/trustlist.c | 4 |
5 files changed, 20 insertions, 13 deletions
diff --git a/agent/ChangeLog b/agent/ChangeLog index d5e17ef81..0c31fc5b7 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,6 +1,16 @@ +2010-08-26 Werner Koch <[email protected]> + + * command-ssh.c (open_control_file): Use estream to create the file. + + * findkey.c (agent_write_private_key): Explicitly create file with + mode 600. + * gpg-agent.c (main): Ditto. + * trustlist.c (agent_marktrusted): Explicitly create file with + mode 640. + 2010-08-16 Werner Koch <[email protected]> - * gpg-agent.c: Repalce remaining printf by es_printf. + * gpg-agent.c: Replace remaining printf by es_printf. 2010-08-11 Werner Koch <[email protected]> diff --git a/agent/command-ssh.c b/agent/command-ssh.c index f5e4eaa98..128cf5548 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -678,18 +678,16 @@ open_control_file (FILE **r_fp, int append) fp = fopen (fname, append? "a+":"r"); if (!fp && errno == ENOENT) { - /* Fixme: "x" is a GNU extension. We might want to use the es_ - functions here. */ - fp = fopen (fname, "wx"); - if (!fp) + estream_t stream = es_fopen (fname, "wx,mode=-rw-r"); + if (!stream) { - err = gpg_error (gpg_err_code_from_errno (errno)); + err = gpg_error_from_syserror (); log_error (_("can't create `%s': %s\n"), fname, gpg_strerror (err)); xfree (fname); return err; } - fputs (sshcontrolblurb, fp); - fclose (fp); + es_fputs (sshcontrolblurb, stream); + es_fclose (stream); fp = fopen (fname, append? "a+":"r"); } diff --git a/agent/findkey.c b/agent/findkey.c index db610c15a..5668aafbc 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -72,8 +72,7 @@ agent_write_private_key (const unsigned char *grip, return gpg_error (GPG_ERR_EEXIST); } - /* FIXME: On POSIX systems we used include S_IRGRP as well. */ - fp = es_fopen (fname, force? "wb" : "wbx"); + fp = es_fopen (fname, force? "wb,mode=-rw" : "wbx,mode=-rw"); if (!fp) { gpg_error_t tmperr = gpg_error_from_syserror (); 
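Review bot: In open_control_file the new `mode=-rw-r` only takes effect when `append` is false, because with `append` set the unchanged first call `fopen (fname, append? "a+":"r")` creates a missing sshcontrol file itself. In that case the ENOENT branch is never reached, so the file gets umask-governed permissions and no `sshcontrolblurb`. Testing for the file before the first open, as agent_marktrusted in trustlist.c does with `access (fname, F_OK)`, would route every creation through the exclusive `wx` path. Separately, the results of `es_fputs (sshcontrolblurb, stream)` and `es_fclose (stream)` are ignored, so a failed write leaves an empty control file without any error being logged. The function starts and ends outside the hunk.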
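Review bot: In agent_write_private_key the `mode=-rw` part can only restrict permissions when es_fopen actually creates the file; in the `force` case (`"wb,mode=-rw"`) an existing key file is truncated and rewritten under whatever mode it already has. The removed FIXME suggests older versions created these files with S_IRGRP, so such a file would stay group-readable after being overwritten. Assuming the mode string is handed to open(2) as the creation mode, consider tightening after a successful open, for example `fchmod (es_fileno (fp), S_IRUSR|S_IWUSR)` with its result checked, or writing to a fresh temporary file and renaming it into place. The same limitation applies to `es_fopen (env_file_name, "w,mode=-rw")` in gpg-agent.c and to the `"a+,mode=-rw-r"` open in trustlist.c. The function continues outside the hunk.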
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index df5afad36..71b0274bb 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1100,7 +1100,7 @@ main (int argc, char **argv ) { estream_t fp; - fp = es_fopen (env_file_name, "w"); + fp = es_fopen (env_file_name, "w,mode=-rw"); if (!fp) log_error (_("error creating `%s': %s\n"), env_file_name, strerror (errno)); diff --git a/agent/trustlist.c b/agent/trustlist.c index 0e7e0e114..791df9682 100644 --- a/agent/trustlist.c +++ b/agent/trustlist.c @@ -691,7 +691,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) fname = make_filename (opt.homedir, "trustlist.txt", NULL); if ( access (fname, F_OK) && errno == ENOENT) { - fp = es_fopen (fname, "wx"); + fp = es_fopen (fname, "wx,mode=-rw-r"); if (!fp) { err = gpg_error_from_syserror (); @@ -705,7 +705,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) es_fputs (headerblurb, fp); es_fclose (fp); } - fp = es_fopen (fname, "a+"); + fp = es_fopen (fname, "a+,mode=-rw-r"); if (!fp) { err = gpg_error_from_syserror (); |
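Review bot: The permission string `mode=-rw-r` is now repeated as a bare literal in both es_fopen calls of agent_marktrusted, with nothing in the code explaining why trustlist.txt is group-readable while the private key file uses `mode=-rw`. The policy is recorded only in the ChangeLog entry ("Explicitly create file with mode 640"). If the intent is that the list is not secret but only the owner may modify it, a short comment at the first open would say so, e.g. `/* Not secret, but only the owner may change it: create as 0640. */`. Both hunks sit in the middle of the function, whose start and end are outside the hunks.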