diff options
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | src/common/crypto.c | 1 | ||||
| -rw-r--r-- | src/tools/tor-gencert.c | 6 |
3 files changed, 8 insertions, 0 deletions
@@ -3,6 +3,7 @@ Changes in version 0.2.0.3-alpha - 2007-??-?? - Create listener connections before we setuid to the configured User and Group. This way, you can choose port values under 1024, start Tor as root, and have Tor bind those ports before it changes to another UID. + - tor-gencert creates all files visible to the file creator only. o Minor bugfixes (dns): - Fix a crash when DNSPort is set more than once. (Patch from Robert diff --git a/src/common/crypto.c b/src/common/crypto.c index bcb8a375a..d4059e0d7 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -566,6 +566,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env, s = tor_malloc(len+1); memcpy(s, cp, len); s[len]='\0'; + /* XXXX020 make this file get created with mode 600. */ r = write_str_to_file(fname, s, 0); BIO_free(bio); tor_free(s); diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index fadefc13d..e4bc01df7 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -7,6 +7,9 @@ #include <stdio.h> #include <string.h> +#include <sys/types.h> +#include <sys/stat.h> + #include <openssl/evp.h> #include <openssl/pem.h> #include <openssl/objects.h> @@ -354,6 +357,9 @@ main(int argc, char **argv) fprintf(stderr, "Couldn't seed RNG.\n"); goto done; } + /* Make sure that files are made private. */ + umask(0700); + if (parse_commandline(argc, argv)) goto done; if (load_identity_key()) |