secmod: use umask, as fchmod is undefined on sockets

2021-07-27 12:04:52 +02:00 · 2021-07-27 12:04:52 +02:00 · 9624d92a65
commit 9624d92a65
parent 32f3391be1
4 changed files with 24 additions and 11 deletions
--- a/src/util/secmod_common.c
+++ b/src/util/secmod_common.c
@ -26,6 +26,15 @@ struct GNUNET_NETWORK_Handle *
 TES_open_socket (const char *unixpath)
 {
  int sock;
+  mode_t old_umask;
+  struct GNUNET_NETWORK_Handle *ret = NULL;
+
+  /* Change permissions so that group read/writes are allowed.
+   * We need this for multi-user exchange deployment with privilege
+   * separation, where taler-exchange-httpd is part of a group
+   * that allows it to talk to secmod.
+   */
+  old_umask = umask (S_IROTH | S_IWOTH | S_IXOTH);

  sock = socket (PF_UNIX,
                 SOCK_DGRAM,
@ -34,16 +43,8 @@ TES_open_socket (const char *unixpath)
  {
    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
                         "socket");
-    return NULL;
+    goto cleanup;
  }
-  /* Change permissions so that group read/writes are allowed.
-   * We need this for multi-user exchange deployment with privilege
-   * separation, where taler-exchange-httpd is part of a group
-   * that allows it to talk to secmod.
-   *
-   * Importantly, we do this before binding the socket.
-   */
-  GNUNET_assert (0 == fchmod (sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
  {
    struct sockaddr_un un;

@ -76,8 +77,11 @@ TES_open_socket (const char *unixpath)
                                "bind",
                                unixpath);
      GNUNET_break (0 == close (sock));
-      return NULL;
+      goto cleanup;
    }
+    ret = GNUNET_NETWORK_socket_box_native (sock);
  }
-  return GNUNET_NETWORK_socket_box_native (sock);
+cleanup:
+  (void) umask (old_umask);
+  return ret;
 }
--- a/src/util/secmod_common.h
+++ b/src/util/secmod_common.h
@ -28,6 +28,9 @@
 /**
 * Create the listen socket for a secmod daemon.
 *
+ * This function is not thread-safe, as it changes and
+ * restores the process umask.
+ *
 * @param unixpath socket path
 */
 struct GNUNET_NETWORK_Handle *
--- a/src/util/taler-exchange-secmod-eddsa.c
+++ b/src/util/taler-exchange-secmod-eddsa.c
@ -40,6 +40,7 @@
 #include <sys/eventfd.h>
 #include "taler_error_codes.h"
 #include "taler_signatures.h"
+#include "secmod_common.h"


 /**
@ -1633,6 +1634,9 @@ main (int argc,
  };
  int ret;

+  /* Restrict permissions for the key files that we create. */
+  (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+
  /* force linker to link against libtalerutil; if we do
   not do this, the linker may "optimize" libtalerutil
   away and skip #TALER_OS_init(), which we do need */
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@ -2031,7 +2031,9 @@ main (int argc,
  };
  int ret;

+  /* Restrict permissions for the key files that we create. */
  (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+
  /* force linker to link against libtalerutil; if we do
   not do this, the linker may "optimize" libtalerutil
   away and skip #TALER_OS_init(), which we do need */