hreese/exim-encrypt-dlfunc
1
0
Fork 0
mirror of https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git synced 2025-12-06 07:23:56 +01:00
Code Issues Releases Wiki Activity

Change umask to besser protect generated key files.

Browse Source
This commit is contained in:
Heiko Reese
2021-10-13 15:35:10 +02:00
parent db9d8d6ee4
commit a8cbac240a
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/libexim-encrypt-dlfunc-genkeys.c
View File

@ -2,6 +2,8 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <ctype.h> #include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sodium.h> #include <sodium.h>
//void //void
@ -77,6 +79,9 @@ write_key_files(const char *filebase, const char *varname,
sprintf(exim_filename, "%s_exim.conf", filebase); sprintf(exim_filename, "%s_exim.conf", filebase);
sprintf(raw_filename, "%s.raw", filebase); sprintf(raw_filename, "%s.raw", filebase);
// set restrictive umask (access to user only)
mode_t original_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
// open exim config snippet file // open exim config snippet file
f = fopen(exim_filename, "w+"); f = fopen(exim_filename, "w+");
if (f == NULL) { if (f == NULL) {
@ -103,6 +108,8 @@ write_key_files(const char *filebase, const char *varname,
// close raw file // close raw file
fclose(f); fclose(f);
// restore original umask
umask(original_umask);
} }
void create_cryptobox_keys(const char *filebase, const char *varname) void create_cryptobox_keys(const char *filebase, const char *varname)