[git] GnuPG - branch, master, updated. gnupg-2.1.12-65-g8127043

by Werner Koch cvs at cvs.gnupg.org
Wed Jun 8 16:19:52 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  8127043d549a5843ea1ba2dc6da4906fc2258d53 (commit)
      from  6790115fd9059e066b4e6feb6b1e3876a1c1d522 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8127043d549a5843ea1ba2dc6da4906fc2258d53
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jun 8 16:18:02 2016 +0200

    Explicitly restrict socket permissions.
    
    * agent/gpg-agent.c (create_server_socket): Call chmod before listen.
    * scd/scdaemon.c (create_server_socket): Ditto.
    * dirmngr/dirmngr.c (main): Ditto.
    --
    
    This is just in case of an improperly set umask.  Note that a connect
    requires write permission.

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 538ff08..90b0eaf 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1865,6 +1865,10 @@ create_server_socket (char *name, int primary, int cygwin,
       agent_exit (2);
     }
 
+  if (gnupg_chmod (unaddr->sun_path, "-rwx"))
+    log_error (_("can't set permissions of '%s': %s\n"),
+               unaddr->sun_path, strerror (errno));
+
   if (listen (FD2INT(fd), 5 ) == -1)
     {
       log_error (_("listen() failed: %s\n"), strerror (errno));
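
Review bot: A failed gnupg_chmod in create_server_socket is only logged, and control falls through to listen(), so the agent accepts connections on a socket whose mode is whatever bind and the umask produced. The error path just above ends in agent_exit (2); since the commit exists to guard against a lax umask, consider treating a chmod failure the same way. If continuing is intended, a short comment here should say why.
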
diff --git a/common/sysutils.c b/common/sysutils.c
index d82eb8e..0f7b7f5 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -628,7 +628,7 @@ gnupg_mkdir (const char *name, const char *modestr)
 }
 
 
-/* A wrapper around mkdir which takes a string for the mode argument.
+/* A wrapper around chmod which takes a string for the mode argument.
    This makes it easier to handle the mode argument which is not
    defined on all systems.  The format of the modestring is the same
    as for gnupg_mkdir.  */
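
Review bot: The corrected comment for gnupg_chmod still says nothing about the return value, yet all three new callers in this commit rely on a nonzero return with errno set, as in "if (gnupg_chmod (...)) log_error (..., strerror (errno))". Document that contract in this comment so that callers do not have to read the implementation to confirm that errno is still meaningful when they log it.
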
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index bc71a40..7e629db 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -1183,6 +1183,10 @@ main (int argc, char **argv)
         }
       cleanup_socket = 1;
 
+      if (gnupg_chmod (serv_addr.sun_path, "-rwx"))
+        log_error (_("can't set permissions of '%s': %s\n"),
+                   serv_addr.sun_path, strerror (errno));
+
       if (listen (FD2INT (fd), 5) == -1)
         {
           log_error (_("listen() failed: %s\n"), strerror (errno));
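
Review bot: The mode string "-rwx" in the new gnupg_chmod call in main carries no explanation at the call site, and the reasoning (an improperly set umask, and connect needing write permission) lives only in the commit message. Add a one-line comment above the call stating the intended access, and that the chmod must come before listen(), so a later reordering does not silently drop the protection. As in the agent hunk, a failure here is logged and listen() still runs.
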
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index 8303acc..9c11cad 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -1112,6 +1112,10 @@ create_server_socket (const char *name, char **r_redir_name,
       scd_exit (2);
     }
 
+  if (gnupg_chmod (unaddr->sun_path, "-rwx"))
+    log_error (_("can't set permissions of '%s': %s\n"),
+               unaddr->sun_path, strerror (errno));
+
   if (listen (FD2INT(fd), 5 ) == -1)
     {
       log_error (_("listen() failed: %s\n"),
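
Review bot: This is the third verbatim copy of the same four-line chmod-and-log block (agent/gpg-agent.c, dirmngr/dirmngr.c and here in create_server_socket), differing only in the variable holding sun_path. A small shared helper next to gnupg_chmod in common/sysutils.c, taking the socket path, would keep the mode string and the failure policy in one place. Note that the preceding error path here ends in scd_exit (2), while a chmod failure continues on to listen().
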

-----------------------------------------------------------------------

Summary of changes:
 agent/gpg-agent.c | 4 ++++
 common/sysutils.c | 2 +-
 dirmngr/dirmngr.c | 4 ++++
 scd/scdaemon.c    | 4 ++++
 4 files changed, 13 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



