[or-cvs] r10475: Set umask(0700) when starting tor-gencert; resolves bug 445. (in tor/trunk: . src/common src/tools)
nickm at seul.org
Sun Jun 3 23:38:20 UTC 2007
Author: nickm
Date: 2007-06-03 19:38:20 -0400 (Sun, 03 Jun 2007)
New Revision: 10475
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/common/crypto.c
tor/trunk/src/tools/tor-gencert.c
Log:
r13191 at catbus: nickm | 2007-06-03 19:38:18 -0400
Set umask(0700) when starting tor-gencert; resolves bug 445.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r13191] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-06-03 23:08:07 UTC (rev 10474)
+++ tor/trunk/ChangeLog 2007-06-03 23:38:20 UTC (rev 10475)
@@ -3,6 +3,7 @@
- Create listener connections before we setuid to the configured User and
Group. This way, you can choose port values under 1024, start Tor as
root, and have Tor bind those ports before it changes to another UID.
+ - tor-gencert creates all files visible to the file creator only.
o Minor bugfixes (dns):
- Fix a crash when DNSPort is set more than once. (Patch from Robert
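Review bot: the added ChangeLog line does not cite bug 445, which the commit message says this change resolves. Add the bug number to the entry so the user-facing note can be traced back to the report, and re-check the wording "visible to the file creator only" against the mask value actually passed to umask() in tor-gencert.c.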
Modified: tor/trunk/src/common/crypto.c
===================================================================
--- tor/trunk/src/common/crypto.c 2007-06-03 23:08:07 UTC (rev 10474)
+++ tor/trunk/src/common/crypto.c 2007-06-03 23:38:20 UTC (rev 10475)
@@ -566,6 +566,7 @@
s = tor_malloc(len+1);
memcpy(s, cp, len);
s[len]='\0';
+ /* XXXX020 make this file get created with mode 600. */
r = write_str_to_file(fname, s, 0);
BIO_free(bio);
tor_free(s);
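Review bot: the added XXXX020 comment says the file should be created with mode 600, but the call on the next line, write_str_to_file(fname, s, 0), is unchanged, so this write still depends on whatever umask the calling process happens to have. In this patch only tor-gencert sets a umask, and this code is in src/common, so consider creating the file with an explicit owner-only mode here rather than deferring it to a TODO.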
Modified: tor/trunk/src/tools/tor-gencert.c
===================================================================
--- tor/trunk/src/tools/tor-gencert.c 2007-06-03 23:08:07 UTC (rev 10474)
+++ tor/trunk/src/tools/tor-gencert.c 2007-06-03 23:38:20 UTC (rev 10475)
@@ -7,6 +7,9 @@
#include <stdio.h>
#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/objects.h>
@@ -354,6 +357,9 @@
fprintf(stderr, "Couldn't seed RNG.\n");
goto done;
}
+ /* Make sure that files are made private. */
+ umask(0700);
+
if (parse_commandline(argc, argv))
goto done;
if (load_identity_key())
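Review bot: umask(0700) in the added lines masks the wrong bits. The argument to umask() names the permission bits to clear, so 0700 removes the owner's read/write/execute bits and leaves the group and other bits untouched: a file requested with mode 0666 would come out as 0066, which is the opposite of the comment "Make sure that files are made private." The mask that yields owner-only files is 0077. The return value (the previous mask) is also discarded, which is fine for a short-lived tool but worth a note if this call is ever copied into longer-running code.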