From 9624d92a65520b982f107ede35c085f9daee5fda Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 27 Jul 2021 12:04:52 +0200 Subject: secmod: use umask, as fchmod is undefined on sockets --- src/util/secmod_common.c | 26 +++++++++++++++----------- src/util/secmod_common.h | 3 +++ src/util/taler-exchange-secmod-eddsa.c | 4 ++++ src/util/taler-exchange-secmod-rsa.c | 2 ++ 4 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/util/secmod_common.c b/src/util/secmod_common.c index cc2def19f..2e73e44b1 100644 --- a/src/util/secmod_common.c +++ b/src/util/secmod_common.c @@ -26,6 +26,15 @@ struct GNUNET_NETWORK_Handle * TES_open_socket (const char *unixpath) { int sock; + mode_t old_umask; + struct GNUNET_NETWORK_Handle *ret = NULL; + + /* Change permissions so that group read/writes are allowed. + * We need this for multi-user exchange deployment with privilege + * separation, where taler-exchange-httpd is part of a group + * that allows it to talk to secmod. + */ + old_umask = umask (S_IROTH | S_IWOTH | S_IXOTH); sock = socket (PF_UNIX, SOCK_DGRAM, @@ -34,16 +43,8 @@ TES_open_socket (const char *unixpath) { GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket"); - return NULL; + goto cleanup; } - /* Change permissions so that group read/writes are allowed. - * We need this for multi-user exchange deployment with privilege - * separation, where taler-exchange-httpd is part of a group - * that allows it to talk to secmod. - * - * Importantly, we do this before binding the socket. - */ - GNUNET_assert (0 == fchmod (sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)); { struct sockaddr_un un; @@ -76,8 +77,11 @@ TES_open_socket (const char *unixpath) "bind", unixpath); GNUNET_break (0 == close (sock)); - return NULL; + goto cleanup; } + ret = GNUNET_NETWORK_socket_box_native (sock); } - return GNUNET_NETWORK_socket_box_native (sock); +cleanup: + (void) umask (old_umask); + return ret; } 
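Review bot: The mask passed to `umask()` at the top of TES_open_socket clears only the "other" bits and replaces whatever mask the process inherited, so a deployment started with a stricter umask still gets a group-accessible socket; that looks intended, but the comment should say it, e.g. `/* Clear only the "other" bits so the socket file created by bind() is owner+group accessible; must be done before bind(). */`. The "before binding" ordering requirement from the fchmod comment removed in the second hunk still applies to the umask call and is no longer stated anywhere. POSIX does not specify how permissions on a socket file are enforced and some systems ignore them, so the directory holding `unixpath` should carry the group restriction too rather than relying on the socket mode alone. The function body continues outside the hunk.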
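Review bot: The relaxed mask stays in force from the first statement of TES_open_socket until the `cleanup:` label, so anything created in between other than the socket itself also gets group rwx. The lines between the second hunk and the bind error path are not visible here, so check whether they create a directory or file for `unixpath`. Narrowing the window to the `bind()` call alone (`old_umask = umask (...)` immediately before it, `(void) umask (old_umask);` immediately after) would keep the rest of the function under the caller's mask and make the `goto cleanup` on the `socket()` failure path unnecessary. Separately, if `GNUNET_NETWORK_socket_box_native()` can return NULL, `sock` is not closed on that path; this predates the commit but is now easy to handle just before `cleanup:`.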
diff --git a/src/util/secmod_common.h b/src/util/secmod_common.h index c1eea655c..ca1270fa8 100644 --- a/src/util/secmod_common.h +++ b/src/util/secmod_common.h @@ -28,6 +28,9 @@ /** * Create the listen socket for a secmod daemon. * + * This function is not thread-safe, as it changes and + * restores the process umask. + * * @param unixpath socket path */ struct GNUNET_NETWORK_Handle * diff --git a/src/util/taler-exchange-secmod-eddsa.c b/src/util/taler-exchange-secmod-eddsa.c index 8f9964439..ac4bfc61b 100644 --- a/src/util/taler-exchange-secmod-eddsa.c +++ b/src/util/taler-exchange-secmod-eddsa.c @@ -40,6 +40,7 @@ #include #include "taler_error_codes.h" #include "taler_signatures.h" +#include "secmod_common.h" /** @@ -1633,6 +1634,9 @@ main (int argc, }; int ret; + /* Restrict permissions for the key files that we create. */ + (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH); + /* force linker to link against libtalerutil; if we do not do this, the linker may "optimize" libtalerutil away and skip #TALER_OS_init(), which we do need */ diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c index b6729b66b..3c1f81c26 100644 --- a/src/util/taler-exchange-secmod-rsa.c +++ b/src/util/taler-exchange-secmod-rsa.c @@ -2031,7 +2031,9 @@ main (int argc, }; int ret; + /* Restrict permissions for the key files that we create. */ (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH); + /* force linker to link against libtalerutil; if we do not do this, the linker may "optimize" libtalerutil away and skip #TALER_OS_init(), which we do need */ -- cgit v1.2.3
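Review bot: The sentence added to the TES_open_socket doc comment says the function is not thread-safe, but not what callers must do about it or what access the resulting socket has. Consider extending it along the lines of `* Must be called before any thread that may create files is started; the socket file is created without "other" permissions, so members of its group can reach the daemon (subject to directory permissions).` That makes the group-membership trust boundary explicit for whoever deploys the secmod helpers.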
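Review bot: The mask set at the start of `main` in taler-exchange-secmod-eddsa.c (`S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH`) leaves group read and group execute enabled, so a key file or directory created without an explicit restrictive mode ends up readable by the group. If the deployment uses one group for both, that is the same group this commit opens the socket to for taler-exchange-httpd. Unless group read on the key directory is required, `(void) umask (S_IRWXG | S_IRWXO);` matches the comment's stated goal, and TES_open_socket now sets its own mask for the socket, so it would not be affected. The same mask already exists in `main` of taler-exchange-secmod-rsa.c, where this commit only adds the comment. The key-writing code is outside these hunks, so whether it passes explicit modes should be confirmed.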