[Patch] Permissions checking and warnings
Lefteris Chatzibarbas
lefcha at hol.gr
Tue May 22 05:17:01 CEST 2001
Ok, this new patch checks permissions of the homedir (700), all secret
keyrings (600) and random seed file (600).
It also adds a command line option "--no-permissions-check" that skips all
the permission checks.
I think that someone who finds the permissions too strict can just disable the
warnings and set modes in whatever way he wants, because he most certainly
knows what he's doing (i.e. acknowledges the security risks of allowing access to
secring.gpg).
Eager to receive comments/suggestions/anything...
diff -rNu gnupg-1.0.5/checks/Makefile.am gnupg/checks/Makefile.am
--- gnupg-1.0.5/checks/Makefile.am Tue Mar 27 14:47:51 2001
+++ gnupg/checks/Makefile.am Tue May 22 04:10:16 2001
@@ -18,8 +18,8 @@
## Process this file with automake to create Makefile.in
-GPG_DEARMOR = ../g10/gpg --no-options --no-greeting --batch --quiet --yes --dearmor
-GPG_IMPORT = ../g10/gpg --homedir . --quiet --yes --import
+GPG_DEARMOR = ../g10/gpg --no-options --no-greeting --batch --quiet --yes --dearmor --no-permissions-check
+GPG_IMPORT = ../g10/gpg --homedir . --quiet --yes --import --no-permissions-check
TESTS = version.test mds.test \
decrypt.test decrypt-dsa.test \
diff -rNu gnupg-1.0.5/checks/Makefile.in gnupg/checks/Makefile.in
--- gnupg-1.0.5/checks/Makefile.in Sun Apr 29 17:39:46 2001
+++ gnupg/checks/Makefile.in Tue May 22 04:10:16 2001
@@ -125,8 +125,8 @@
ZLIBS = @ZLIBS@
l = @l@
-GPG_DEARMOR = ../g10/gpg --no-options --no-greeting --batch --quiet --yes --dearmor
-GPG_IMPORT = ../g10/gpg --homedir . --quiet --yes --import
+GPG_DEARMOR = ../g10/gpg --no-options --no-greeting --batch --quiet --yes --dearmor --no-permissions-check
+GPG_IMPORT = ../g10/gpg --homedir . --quiet --yes --import --no-permissions-check
TESTS = version.test mds.test decrypt.test decrypt-dsa.test sigs.test sigs-dsa.test encrypt.test encrypt-dsa.test seat.test clearsig.test encryptp.test detach.test armsigs.test armencrypt.test armencryptp.test signencrypt.test signencrypt-dsa.test armsignencrypt.test armdetach.test armdetachm.test detachm.test genkey1024.test conventional.test conventional-mdc.test multisig.test
diff -rNu gnupg-1.0.5/doc/gpg.1 gnupg/doc/gpg.1
--- gnupg-1.0.5/doc/gpg.1 Sat Apr 28 21:43:45 2001
+++ gnupg/doc/gpg.1 Tue May 22 04:41:12 2001
@@ -696,6 +696,8 @@
.IP "--no-default-keyring" 10
Do not add the default keyrings to the list of
keyrings.
+.IP "--no-permissions-check" 10
+Suppress any warnings that have to do with permissions of important files.
.IP "--skip-verify" 10
Skip the signature verification step. This may be
used to make the decryption faster if the signature
@@ -883,4 +885,4 @@
warning message about insecure memory your operating system supports
locking without being root. The program drops root privileges as soon
as locked memory is allocated.
-...\" created by instant / docbook-to-man, Sat 28 Apr 2001, 20:43
+...\" created by instant / docbook-to-man, Tue 22 May 2001, 04:40
diff -rNu gnupg-1.0.5/doc/gpg.info gnupg/doc/gpg.info
--- gnupg-1.0.5/doc/gpg.info Sat Apr 28 21:45:54 2001
+++ gnupg/doc/gpg.info Tue May 22 04:41:12 2001
@@ -766,6 +766,10 @@
--no-default-keyring
Do not add the default keyrings to the list of keyrings.
+--no-permissions-check
+ Suppress any warnings that have to do with permissions of
+ important files.
+
--skip-verify
Skip the signature verification step. This may be used to make the
decryption faster if the signature verification is not needed.
diff -rNu gnupg-1.0.5/doc/gpg.sgml gnupg/doc/gpg.sgml
--- gnupg-1.0.5/doc/gpg.sgml Sat Apr 28 21:43:18 2001
+++ gnupg/doc/gpg.sgml Tue May 22 04:41:12 2001
@@ -1353,6 +1353,13 @@
<varlistentry>
+<term>--no-permissions-check</term>
+<listitem><para>
+Suppress any warnings that have to do with permissions of important files.
+</para></listitem></varlistentry>
+
+
+<varlistentry>
<term>--skip-verify</term>
<listitem><para>
Skip the signature verification step. This may be
diff -rNu gnupg-1.0.5/doc/gpg.texi gnupg/doc/gpg.texi
--- gnupg-1.0.5/doc/gpg.texi Sat Apr 28 21:43:43 2001
+++ gnupg/doc/gpg.texi Tue May 22 04:41:12 2001
@@ -812,6 +812,9 @@
Do not add the default keyrings to the list of
keyrings.
+ at item ---no-permissions-check
+Suppress any warnings that have to do with permissions of important files.
+
@item ---skip-verify
Skip the signature verification step. This may be
used to make the decryption faster if the signature
diff -rNu gnupg-1.0.5/g10/g10.c gnupg/g10/g10.c
--- gnupg-1.0.5/g10/g10.c Tue Mar 27 17:53:39 2001
+++ gnupg/g10/g10.c Tue May 22 04:10:16 2001
@@ -206,6 +206,7 @@
oFixedListMode,
oNoSigCache,
oNoSigCreateCheck,
+ oNoPermissionsCheck,
oEmu3DESS2KBug, /* will be removed in 1.1 */
oEmuMDEncodeBug,
aTest };
@@ -403,6 +404,7 @@
{ oTryAllSecrets, "try-all-secrets", 0, "@" },
{ oEnableSpecialFilenames, "enable-special-filenames", 0, "@" },
{ oNoExpensiveTrustChecks, "no-expensive-trust-checks", 0, "@" },
+ { oNoPermissionsCheck, "no-permissions-check", 0, "@" },
{ aDeleteSecretAndPublicKey, "delete-secret-and-public-key",256, "@" },
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
{ oEmuMDEncodeBug, "emulate-md-encode-bug", 0, "@"},
@@ -652,6 +654,7 @@
opt.max_cert_depth = 5;
opt.pgp2_workarounds = 1;
opt.auto_key_retrieve = 1;
+ opt.no_permissions_check = 0;
#ifdef __MINGW32__
opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" );
#else
@@ -967,6 +970,7 @@
break;
case oNoSigCache: opt.no_sig_cache = 1; break;
case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
+ case oNoPermissionsCheck: opt.no_permissions_check = 1; break;
case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
case oNoLiteral: opt.no_literal = 1; break;
@@ -1043,6 +1047,10 @@
set_debug();
g10_opt_homedir = opt.homedir;
+ /* check homedir permissions */
+ if (!opt.no_permissions_check)
+ check_dir_perms(make_filename(opt.homedir, NULL));
+
/* must do this after dropping setuid, because string_to...
* may try to load an module */
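Review bot: The string returned by `make_filename(opt.homedir, NULL)` is handed straight to check_dir_perms and never released, which leaks one allocation per run; the random_seed hunk below shows the intended pattern (`char *p = make_filename(...)`, use it, `m_free(p)`), so make_filename evidently returns owned storage. The same leak recurs in the secring hunk at `check_file_perms(make_filename(opt.homedir, "secring.gpg", NULL))` and `check_file_perms(make_filename(sl->d, NULL))`. Change this site to `char *p = make_filename(opt.homedir, NULL); check_dir_perms(p); m_free(p);` and do likewise at the two other calls. For the `sl->d` case it is also worth confirming that `make_filename(sl->d, NULL)` names the same file add_keyblock_resource opens, since a bare keyring name may be resolved relative to the homedir there but relative to the working directory here. The enclosing function begins and continues outside the hunk.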
@@ -1099,6 +1107,8 @@
if( use_random_seed ) {
char *p = make_filename(opt.homedir, "random_seed", NULL );
set_random_seed_file(p);
+ if (!opt.no_permissions_check) /* check permissions */
+ check_file_perms(p);
m_free(p);
}
@@ -1134,10 +1144,16 @@
if( cmd != aDeArmor && cmd != aEnArmor
&& !(cmd == aKMode && argc == 2 ) ) {
- if( !sec_nrings || default_keyring ) /* add default secret rings */
+ if( !sec_nrings || default_keyring ) {/* add default secret rings */
add_keyblock_resource("secring.gpg", 0, 1);
- for(sl = sec_nrings; sl; sl = sl->next )
+ if (!opt.no_permissions_check) /* check permissions */
+ check_file_perms(make_filename(opt.homedir, "secring.gpg", NULL));
+ }
+ for(sl = sec_nrings; sl; sl = sl->next ) {
add_keyblock_resource( sl->d, 0, 1 );
+ if (!opt.no_permissions_check) /* check permissions */
+ check_file_perms(make_filename(sl->d, NULL));
+ }
if( !nrings || default_keyring ) /* add default ring */
add_keyblock_resource("pubring.gpg", 0, 0);
for(sl = nrings; sl; sl = sl->next )
diff -rNu gnupg-1.0.5/g10/options.h gnupg/g10/options.h
--- gnupg-1.0.5/g10/options.h Tue Mar 27 17:24:39 2001
+++ gnupg/g10/options.h Tue May 22 04:10:16 2001
@@ -103,6 +103,7 @@
int no_expensive_trust_checks;
int no_sig_cache;
int no_sig_create_check;
+ int no_permissions_check;
} opt;
diff -rNu gnupg-1.0.5/include/util.h gnupg/include/util.h
--- gnupg-1.0.5/include/util.h Sat Apr 28 20:51:57 2001
+++ gnupg/include/util.h Tue May 22 04:10:16 2001
@@ -145,7 +145,8 @@
int compare_filenames( const char *a, const char *b );
const char *print_fname_stdin( const char *s );
const char *print_fname_stdout( const char *s );
-
+int check_dir_perms(const char *dname);
+int check_file_perms(const char *fname);
/*-- miscutil.c --*/
u32 make_timestamp(void);
diff -rNu gnupg-1.0.5/util/fileutil.c gnupg/util/fileutil.c
--- gnupg-1.0.5/util/fileutil.c Sun Apr 29 16:26:37 2001
+++ gnupg/util/fileutil.c Tue May 22 04:10:16 2001
@@ -25,6 +25,9 @@
#include <string.h>
#include <assert.h>
#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
#include "util.h"
#include "memory.h"
#include "ttyio.h"
@@ -155,4 +158,63 @@
return s;
}
+
+/*
+ * Check homedir permissions and print a warning if improperly set.
+ */
+int check_dir_perms(const char *dname)
+{
+ struct stat dstat;
+
+ if (access(dname, F_OK))
+ return 0;
+
+ if (stat(dname, &dstat)) {
+ log_error("could not get dir %s status: %s\n", dname, strerror(errno));
+ return -2;
+ }
+
+ if (!S_ISDIR(dstat.st_mode)) {
+ log_error("file %s is not a directory\n", dname);
+ return -2;
+ }
+
+ if ((dstat.st_mode & 00777) != (S_IRUSR | S_IWUSR | S_IXUSR)) {
+ log_info("Warning: bad dir %s permissions %o, should be 700\n",
+ dname, (dstat.st_mode & 00777));
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/*
+ * Check permissions of certain important files such as secring.gpg.
+ */
+int check_file_perms(const char *fname)
+{
+ struct stat fstat;
+
+ if (access(fname, F_OK))
+ return 0;
+
+ if (stat(fname, &fstat)) {
+ log_error("could not get file %s status: %s\n", fname, strerror(errno));
+ return -2;
+ }
+
+ if (!S_ISREG(fstat.st_mode)) {
+ log_error("file %s is not a regular file\n", fname);
+ return -2;
+ }
+
+ if ((fstat.st_mode & 00777) != (S_IRUSR | S_IWUSR)) {
+ log_info("Warning: bad file %s permissions %o, should be 600\n",
+ fname, (fstat.st_mode & 00777));
+ return -1;
+ }
+
+ return 0;
+}
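Review bot: The mode comparisons `(dstat.st_mode & 00777) != (S_IRUSR | S_IWUSR | S_IXUSR)` in check_dir_perms and `(fstat.st_mode & 00777) != (S_IRUSR | S_IWUSR)` in check_file_perms warn on any deviation from 0700/0600, so a stricter mode such as a read-only 0500 homedir or a 0400 keyring is reported as "bad" although it exposes nothing to other users. Since the risk being flagged is group/other access, test those bits instead — `if (dstat.st_mode & (S_IRWXG | S_IRWXO))` and `if (fstat.st_mode & (S_IRWXG | S_IRWXO))` — and keep the messages as they are. The local `struct stat fstat;` shadows the `fstat()` function declared by the newly included `<sys/stat.h>`; renaming it to `st` avoids the -Wshadow warning and the confusion. The `access(..., F_OK)` call before each `stat()` is redundant: dropping it and returning 0 when `stat()` fails with `errno == ENOENT` gives the same result with one fewer lookup and no window between the two calls. Because g10.c carries an `#ifdef __MINGW32__` branch, this presumably also builds on Windows, where POSIX mode bits are not meaningful and every user would see the warning; that platform may want the check compiled out.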