From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 20 Feb 2025 08:57:47 +0000 (+0100)
Subject: homed: explicitly set access mode of private/public signing key pair
X-Git-Tag: v258-rc1~1286
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cfeeaebafe4ed36ec892cb48462e487ae9a361e1;p=thirdparty%2Fsystemd.git

homed: explicitly set access mode of private/public signing key pair

So far we relied that the temporary file logic would create the key
files with 0600 mode, but let's set the access mode explicitly:

1. Tighten private key file access from 0600 to 0400, after all we never
   want to write it again, it's not a mutable file.

2. Relaxed public key file access mode from 0600 to 0444, after all it's
   a public key file, and people should be able to see it if they want
   This is useful for propagating the key onto other systems if needed.
---

diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c
index 62a1a636f85..71218336601 100644
--- a/src/home/homed-manager.c
+++ b/src/home/homed-manager.c
@@ -1455,6 +1455,8 @@ static int manager_generate_key_pair(Manager *m) {
         if (PEM_write_PUBKEY(fpublic, m->private_key) <= 0)
                 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to write public key.");
 
+        (void) fchmod(fileno(fpublic), 0444); /* Make public key world readable */
+
         r = fflush_sync_and_check(fpublic);
         if (r < 0)
                 return log_error_errno(r, "Failed to write private key: %m");
@@ -1469,6 +1471,8 @@ static int manager_generate_key_pair(Manager *m) {
         if (PEM_write_PrivateKey(fprivate, m->private_key, NULL, NULL, 0, NULL, NULL) <= 0)
                 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to write private key pair.");
 
+        (void) fchmod(fileno(fprivate), 0400); /* Make private key root readable */
+
         r = fflush_sync_and_check(fprivate);
         if (r < 0)
                 return log_error_errno(r, "Failed to write private key: %m");