taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

secmod: use umask, as fchmod is undefined on sockets

Browse Source
This commit is contained in:
Florian Dold 2021-07-27 12:04:52 +02:00
parent 32f3391be1
commit 9624d92a65
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
4 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/util/secmod_common.c
View File

@ -26,6 +26,15 @@ struct GNUNET_NETWORK_Handle *
TES_open_socket (const char *unixpath) TES_open_socket (const char *unixpath)
{ {
int sock; int sock;
mode_t old_umask;
struct GNUNET_NETWORK_Handle *ret = NULL;
/* Change permissions so that group read/writes are allowed.
* We need this for multi-user exchange deployment with privilege
* separation, where taler-exchange-httpd is part of a group
* that allows it to talk to secmod.
*/
old_umask = umask (S_IROTH | S_IWOTH | S_IXOTH);
sock = socket (PF_UNIX, sock = socket (PF_UNIX,
SOCK_DGRAM, SOCK_DGRAM,
@ -34,16 +43,8 @@ TES_open_socket (const char *unixpath)
{ {
GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
"socket"); "socket");
return NULL; goto cleanup;
} }
/* Change permissions so that group read/writes are allowed.
* We need this for multi-user exchange deployment with privilege
* separation, where taler-exchange-httpd is part of a group
* that allows it to talk to secmod.
*
* Importantly, we do this before binding the socket.
*/
GNUNET_assert (0 == fchmod (sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
{ {
struct sockaddr_un un; struct sockaddr_un un;
@ -76,8 +77,11 @@ TES_open_socket (const char *unixpath)
"bind", "bind",
unixpath); unixpath);
GNUNET_break (0 == close (sock)); GNUNET_break (0 == close (sock));
return NULL; goto cleanup;
} }
ret = GNUNET_NETWORK_socket_box_native (sock);
} }
return GNUNET_NETWORK_socket_box_native (sock); cleanup:
(void) umask (old_umask);
return ret;
} }

3
src/util/secmod_common.h
View File

@ -28,6 +28,9 @@
/** /**
* Create the listen socket for a secmod daemon. * Create the listen socket for a secmod daemon.
* *
* This function is not thread-safe, as it changes and
* restores the process umask.
*
* @param unixpath socket path * @param unixpath socket path
*/ */
struct GNUNET_NETWORK_Handle * struct GNUNET_NETWORK_Handle *

4
src/util/taler-exchange-secmod-eddsa.c
View File

@ -40,6 +40,7 @@
#include <sys/eventfd.h> #include <sys/eventfd.h>
#include "taler_error_codes.h" #include "taler_error_codes.h"
#include "taler_signatures.h" #include "taler_signatures.h"
#include "secmod_common.h"
/** /**
@ -1633,6 +1634,9 @@ main (int argc,
}; };
int ret; int ret;
/* Restrict permissions for the key files that we create. */
(void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
/* force linker to link against libtalerutil; if we do /* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */ away and skip #TALER_OS_init(), which we do need */

2
src/util/taler-exchange-secmod-rsa.c
View File

@ -2031,7 +2031,9 @@ main (int argc,
}; };
int ret; int ret;
/* Restrict permissions for the key files that we create. */
(void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH); (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
/* force linker to link against libtalerutil; if we do /* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */ away and skip #TALER_OS_init(), which we do need */