Home GnuPG
Diffusion GnuPG 7e8f28653c1b

gpg: Re-add checking of config file permissions.
7e8f28653c1b
Actions

Description

gpg: Re-add checking of config file permissions.

* g10/gpg.c (main): Re-add permission checking of the user config
file.  Re-add code to check against the SE-Linux secured file list.
(get_default_configname): Remove unused func.
* configure.ac (SAFE_VERSION, SAFE_VERSION_DOT)
(SAFE_VERSION_DASH): Remove.

Die to the switch to the new option parser, the permissions were not
anymore checked. This patch fixes this. Note that there there is no
checking for the global config file because that file is not expected
to be user modifiable.

This patch also adds checking against the list of SE-linux secured
files. However, like in the old code the checking does not work in
practise because the to be checked files are added to the the list
only after option parsing. Tested using temporary debug code.

The SAFE_VERSION macros were used for RISC OS, which is not anymore
supported, and only in the now removed get_default_configname. There
purpose was that a RISC OS could use a modified config.h here.

  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on Feb 25 2020, 12:11 PM
Parents
rG833c04334a53: Use gpgrt's new option parser for the new keyboxd.
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
g10/

rG7e8f28653c1b

View Options

configure.ac

Loading...
View Options

g10/gpg.c

Loading...