authorFlorian Dold <florian@dold.me>2021-07-27 12:04:52 +0200
committerFlorian Dold <florian@dold.me>2021-07-27 12:04:52 +0200
commit9624d92a65520b982f107ede35c085f9daee5fda (patch)
tree593869d30eb733bd71b4a0b20f5cbf27a627ab12
parent32f3391be100622a79c40fdce7dcec44418da34c (diff)
secmod: use umask, as fchmod is undefined on sockets
-rw-r--r--src/util/secmod_common.c26
-rw-r--r--src/util/secmod_common.h3
-rw-r--r--src/util/taler-exchange-secmod-eddsa.c4
-rw-r--r--src/util/taler-exchange-secmod-rsa.c2
4 files changed, 24 insertions, 11 deletions
diff --git a/src/util/secmod_common.c b/src/util/secmod_common.c
index cc2def19f..2e73e44b1 100644
--- a/src/util/secmod_common.c
+++ b/src/util/secmod_common.c
@@ -26,6 +26,15 @@ struct GNUNET_NETWORK_Handle *
TES_open_socket (const char *unixpath)
{
int sock;
+ mode_t old_umask;
+ struct GNUNET_NETWORK_Handle *ret = NULL;
+
+ /* Change permissions so that group read/writes are allowed.
+ * We need this for multi-user exchange deployment with privilege
+ * separation, where taler-exchange-httpd is part of a group
+ * that allows it to talk to secmod.
+ */
+ old_umask = umask (S_IROTH | S_IWOTH | S_IXOTH);
sock = socket (PF_UNIX,
SOCK_DGRAM,
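Review bot: The comment moved above `umask (S_IROTH | S_IWOTH | S_IXOTH)` explains the group-access goal but not why the umask replaced the old fchmod(), which is the whole point of this commit and the first thing a later maintainer will want to "simplify" back. I would extend it with `/* fchmod() on a socket descriptor has unspecified effect, so the socket file's mode must come from the umask in force when bind() creates it. */`. Note also that the umask only shapes the mode bits: the socket node inherits its group from the process (or from a setgid parent directory), so the deployment still has to make sure the directory holding unixpath is group-owned for taler-exchange-httpd — presumably handled elsewhere, but worth a sentence here. TES_open_socket continues in the following hunks.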
@@ -34,16 +43,8 @@ TES_open_socket (const char *unixpath)
{
GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
"socket");
- return NULL;
+ goto cleanup;
}
- /* Change permissions so that group read/writes are allowed.
- * We need this for multi-user exchange deployment with privilege
- * separation, where taler-exchange-httpd is part of a group
- * that allows it to talk to secmod.
- *
- * Importantly, we do this before binding the socket.
- */
- GNUNET_assert (0 == fchmod (sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
{
struct sockaddr_un un;
@@ -76,8 +77,11 @@ TES_open_socket (const char *unixpath)
"bind",
unixpath);
GNUNET_break (0 == close (sock));
- return NULL;
+ goto cleanup;
}
+ ret = GNUNET_NETWORK_socket_box_native (sock);
}
- return GNUNET_NETWORK_socket_box_native (sock);
+cleanup:
+ (void) umask (old_umask);
+ return ret;
}
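Review bot: If `GNUNET_NETWORK_socket_box_native (sock)` returns NULL, `sock` is leaked, because the cleanup path only restores the umask; the bind-failure branch above closes the descriptor, but the boxing-failure case does not. I would guard it right after the assignment with `if (NULL == ret) GNUNET_break (0 == close (sock));`. Whether box_native can actually fail depends on GNUnet's implementation (if I remember correctly it refuses a descriptor it cannot query), so confirm before adding the check. Restoring the umask via `(void) umask (old_umask)` on every exit path is correct; the earlier part of the function is in the previous hunks.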
diff --git a/src/util/secmod_common.h b/src/util/secmod_common.h
index c1eea655c..ca1270fa8 100644
--- a/src/util/secmod_common.h
+++ b/src/util/secmod_common.h
@@ -28,6 +28,9 @@
/**
* Create the listen socket for a secmod daemon.
*
+ * This function is not thread-safe, as it changes and
+ * restores the process umask.
+ *
* @param unixpath socket path
*/
struct GNUNET_NETWORK_Handle *
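Review bot: The Doxygen block for TES_open_socket still lacks `@return`, and since the rewritten implementation now signals failure through a NULL result the contract is worth stating: `* @return handle for the bound listen socket, or NULL if socket() or bind() failed`. The thread-safety note added here is good; it could add that the umask is only changed for the duration of the call and restored before returning, so callers have nothing to undo. The declaration's parameter list continues past the hunk.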
diff --git a/src/util/taler-exchange-secmod-eddsa.c b/src/util/taler-exchange-secmod-eddsa.c
index 8f9964439..ac4bfc61b 100644
--- a/src/util/taler-exchange-secmod-eddsa.c
+++ b/src/util/taler-exchange-secmod-eddsa.c
@@ -40,6 +40,7 @@
#include <sys/eventfd.h>
#include "taler_error_codes.h"
#include "taler_signatures.h"
+#include "secmod_common.h"
/**
@@ -1633,6 +1634,9 @@ main (int argc,
};
int ret;
+ /* Restrict permissions for the key files that we create. */
+ (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
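Review bot: `umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH)` still leaves group-read on every file this daemon creates, so a key file opened with mode 0666 ends up 0640 rather than 0600, which is looser than the "restrict permissions for the key files" comment suggests. If private key material is meant to be readable only by the secmod user, mask the whole group as well (`umask (S_IRWXG | S_IRWXO)`), or pass an explicit 0600 mode where the key files are opened and keep this umask for non-sensitive files; I cannot see from this hunk which mode the key-writing code requests, so check there first. The same umask value is present in taler-exchange-secmod-rsa.c. main() continues outside the hunk.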
diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c
index b6729b66b..3c1f81c26 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -2031,7 +2031,9 @@ main (int argc,
};
int ret;
+ /* Restrict permissions for the key files that we create. */
(void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */