]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9df18e4)
homed: explicitly set access mode of private/public signing key pair
authorLennart Poettering <lennart@poettering.net>
Thu, 20 Feb 2025 08:57:47 +0000 (09:57 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 20 Feb 2025 16:35:12 +0000 (17:35 +0100)
So far we relied that the temporary file logic would create the key
files with 0600 mode, but let's set the access mode explicitly:

1. Tighten private key file access from 0600 to 0400, after all we never
   want to write it again, it's not a mutable file.

2. Relaxed public key file access mode from 0600 to 0444, after all it's
   a public key file, and people should be able to see it if they want
   This is useful for propagating the key onto other systems if needed.

src/home/homed-manager.c patch | blob | blame | history

diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c
index 62a1a636f853bccff864dd9cc04d46f4763d6d9b..71218336601da1cdadf9dd0a8cefc2ba75148aa7 100644 (file)
--- a/src/home/homed-manager.c
+++ b/src/home/homed-manager.c
@@ -1455,6 +1455,8 @@ static int manager_generate_key_pair(Manager *m) {
         if (PEM_write_PUBKEY(fpublic, m->private_key) <= 0)
                 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to write public key.");
 
+        (void) fchmod(fileno(fpublic), 0444); /* Make public key world readable */
+
         r = fflush_sync_and_check(fpublic);
         if (r < 0)
                 return log_error_errno(r, "Failed to write private key: %m");
@@ -1469,6 +1471,8 @@ static int manager_generate_key_pair(Manager *m) {
         if (PEM_write_PrivateKey(fprivate, m->private_key, NULL, NULL, 0, NULL, NULL) <= 0)
                 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to write private key pair.");
 
+        (void) fchmod(fileno(fprivate), 0400); /* Make private key root readable */
+
         r = fflush_sync_and_check(fprivate);
         if (r < 0)
                 return log_error_errno(r, "Failed to write private key: %m");
Unnamed repository; edit this file 'description' to name the repository.