
[taler-exchange] branch master updated: secmod: use umask, as fchmod is


From: gnunet
Subject: [taler-exchange] branch master updated: secmod: use umask, as fchmod is undefined on sockets
Date: Tue, 27 Jul 2021 12:04:58 +0200

This is an automated email from the git hooks/post-receive script.

dold pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 9624d92a secmod: use umask, as fchmod is undefined on sockets
9624d92a is described below

commit 9624d92a65520b982f107ede35c085f9daee5fda
Author: Florian Dold <florian@dold.me>
AuthorDate: Tue Jul 27 12:04:52 2021 +0200

    secmod: use umask, as fchmod is undefined on sockets
---
 src/util/secmod_common.c               | 26 +++++++++++++++-----------
 src/util/secmod_common.h               |  3 +++
 src/util/taler-exchange-secmod-eddsa.c |  4 ++++
 src/util/taler-exchange-secmod-rsa.c   |  2 ++
 4 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/src/util/secmod_common.c b/src/util/secmod_common.c
index cc2def19..2e73e44b 100644
--- a/src/util/secmod_common.c
+++ b/src/util/secmod_common.c
@@ -26,6 +26,15 @@ struct GNUNET_NETWORK_Handle *
 TES_open_socket (const char *unixpath)
 {
   int sock;
+  mode_t old_umask;
+  struct GNUNET_NETWORK_Handle *ret = NULL;
+
+  /* Change permissions so that group read/writes are allowed.
+   * We need this for multi-user exchange deployment with privilege
+   * separation, where taler-exchange-httpd is part of a group
+   * that allows it to talk to secmod.
+   */
+  old_umask = umask (S_IROTH | S_IWOTH | S_IXOTH);
 
   sock = socket (PF_UNIX,
                  SOCK_DGRAM,
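Review bot: The relaxed mask is installed before `socket()`, but only the `bind()` further down creates the filesystem node, so the process-wide umask stays relaxed for longer than needed. Moving `old_umask = umask (S_IROTH | S_IWOTH | S_IXOTH);` to directly before `bind` and the restore to directly after it would shrink that window, and the `socket()` error path could then keep its plain `return NULL;`. The block comment should also say that the mask has to be in place before `bind()`, because the removed comment was the only place that stated this ordering requirement. The body of TES_open_socket continues outside this hunk.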
@@ -34,16 +43,8 @@ TES_open_socket (const char *unixpath)
   {
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
                          "socket");
-    return NULL;
+    goto cleanup;
   }
-  /* Change permissions so that group read/writes are allowed.
-   * We need this for multi-user exchange deployment with privilege
-   * separation, where taler-exchange-httpd is part of a group
-   * that allows it to talk to secmod.
-   *
-   * Importantly, we do this before binding the socket.
-   */
-  GNUNET_assert (0 == fchmod (sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
   {
     struct sockaddr_un un;
 
@@ -76,8 +77,11 @@ TES_open_socket (const char *unixpath)
                                 "bind",
                                 unixpath);
       GNUNET_break (0 == close (sock));
-      return NULL;
+      goto cleanup;
     }
+    ret = GNUNET_NETWORK_socket_box_native (sock);
   }
-  return GNUNET_NETWORK_socket_box_native (sock);
+cleanup:
+  (void) umask (old_umask);
+  return ret;
 }
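Review bot: Nothing near the `cleanup:` label or in the comments records which mode the socket node actually ends up with. On Linux `bind()` creates it as 0777 & ~umask, so with this mask it is 0770 rather than the 0660 the removed `fchmod` asked for. I would add a comment such as `/* node is created 0770; socket-file permissions are not enforced on every system, so the parent directory must also be restricted to the secmod group */`. Whether the directory is created with a suitable mode is not visible in this hunk.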
diff --git a/src/util/secmod_common.h b/src/util/secmod_common.h
index c1eea655..ca1270fa 100644
--- a/src/util/secmod_common.h
+++ b/src/util/secmod_common.h
@@ -28,6 +28,9 @@
 /**
  * Create the listen socket for a secmod daemon.
  *
+ * This function is not thread-safe, as it changes and
+ * restores the process umask.
+ *
  * @param unixpath socket path
  */
 struct GNUNET_NETWORK_Handle *
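Review bot: The doc comment gains the thread-safety caveat but still has no `@return` line, although the implementation now has several paths that return NULL. I would add `@return NULL on error, otherwise the bound socket handle` after the `@param` line. It would also help to state that the socket node is created group-accessible, since that is the security-relevant effect callers need to know about. The declaration itself continues outside this hunk.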
diff --git a/src/util/taler-exchange-secmod-eddsa.c b/src/util/taler-exchange-secmod-eddsa.c
index 8f996443..ac4bfc61 100644
--- a/src/util/taler-exchange-secmod-eddsa.c
+++ b/src/util/taler-exchange-secmod-eddsa.c
@@ -40,6 +40,7 @@
 #include <sys/eventfd.h>
 #include "taler_error_codes.h"
 #include "taler_signatures.h"
+#include "secmod_common.h"
 
 
 /**
@@ -1633,6 +1634,9 @@ main (int argc,
   };
   int ret;
 
+  /* Restrict permissions for the key files that we create. */
+  (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+
   /* force linker to link against libtalerutil; if we do
    not do this, the linker may "optimize" libtalerutil
    away and skip #TALER_OS_init(), which we do need */
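Review bot: The mask set here, `S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH`, still leaves group read and group execute enabled, so a key file created with default permissions would come out as 0640. The comment in TES_open_socket says taler-exchange-httpd shares a group with secmod, so if the key files rely on the umask rather than an explicit owner-only mode, the HTTP daemon's account could read the private keys. Unless group read is intended, `(void) umask (S_IRWXG | S_IRWXO);` would match the new comment better, provided the socket directory is created with an explicit mode; TES_open_socket installs its own mask for the socket node. The same applies to the identical call in taler-exchange-secmod-rsa.c. main continues outside this hunk.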
diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c
index b6729b66..3c1f81c2 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -2031,7 +2031,9 @@ main (int argc,
   };
   int ret;
 
+  /* Restrict permissions for the key files that we create. */
   (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+
   /* force linker to link against libtalerutil; if we do
    not do this, the linker may "optimize" libtalerutil
    away and skip #TALER_OS_init(), which we do need */

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


