git.ipfire.org Git - thirdparty/bind9.git/commit
Replace isc_fsaccess API with more secure file creation
author Ondřej Surý <ondrej@isc.org>
Thu, 30 Mar 2023 16:00:17 +0000 (18:00 +0200)
committer Ondřej Surý <ondrej@isc.org>
Fri, 31 Mar 2023 14:47:15 +0000 (16:47 +0200)
commit 718893ece475e13b3e860179447f405050a8a9f2
tree 45651deb67cc4294b5a286f40068ad6fcf09a39a
parent dcea09a32762013b64ed365420c22e0f30f89295
Replace isc_fsaccess API with more secure file creation

The isc_fsaccess API was created to hide the implementation details
between POSIX and Windows APIs.  As we are not supporting the Windows
APIs anymore, it's better to drop this API used in the DST part.

Moreover, the isc_fsaccess was setting the permissions in an insecure
manner - it operated on the filename, and not on the file descriptor,
which can lead to all kinds of attacks if an unprivileged user has read (or
even worse, write) access to the key directory.

Replace the code that operates on the private keys with code that uses
mkstemp(), fchmod() and atomic rename() at the end, so at no time the
private key files have insecure permissions.

(cherry picked from commit 263d232c792914b36af3c7e9b9f894b9af9eafb7)
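The mkstemp()/fchmod()/rename() pattern the commit message describes, written out as an added example. This is illustration code, not BIND's own dst code from this commit; the function name `write_file_securely`, the helper names, the `/tmp` paths and the sample key text are assumptions constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Write `len` bytes of `data` to `path` so that the final file is never
 * observable with permissions wider than `mode`:
 *   1. mkstemp() creates a fresh, uniquely named file in the same directory
 *      (O_CREAT|O_EXCL, 0600), so no pre-existing name is reused or followed.
 *   2. fchmod() sets the mode on the open descriptor rather than on a path
 *      that another process could swap out underneath us.
 *   3. The data is written and fsync()ed through that descriptor.
 *   4. rename() atomically replaces `path`: readers see either the old file
 *      or the complete new one, never a partial or wide-open one.
 * Returns 0 on success; on failure returns -1 with errno set and the
 * temporary file removed.
 */
static int
write_file_securely(const char *path, const void *data, size_t len, mode_t mode)
{
	char tmp[4096];
	const unsigned char *p = data;
	size_t done = 0;
	int fd = -1;

	int n = snprintf(tmp, sizeof(tmp), "%s.XXXXXX", path);
	if (n < 0 || (size_t)n >= sizeof(tmp)) {
		errno = ENAMETOOLONG;
		return -1;
	}

	fd = mkstemp(tmp);
	if (fd < 0) {
		return -1; /* e.g. key directory missing or not writable */
	}
	if (fchmod(fd, mode) != 0) {
		goto fail;
	}
	while (done < len) {
		ssize_t w = write(fd, p + done, len - done);
		if (w < 0) {
			if (errno == EINTR) {
				continue;
			}
			goto fail;
		}
		done += (size_t)w;
	}
	if (fsync(fd) != 0) {
		goto fail;
	}
	if (close(fd) != 0) {
		fd = -1;
		goto fail;
	}
	fd = -1;
	if (rename(tmp, path) != 0) {
		goto fail;
	}
	return 0;

fail:
	{
		int saved = errno;
		if (fd >= 0) {
			close(fd);
		}
		unlink(tmp);
		errno = saved;
		return -1;
	}
}

/* Check helper: do the permission bits of `path` equal `mode` exactly? */
static int
file_has_mode(const char *path, mode_t mode)
{
	struct stat st;
	if (stat(path, &st) != 0) {
		return 0;
	}
	return (st.st_mode & 07777) == mode;
}

/* Check helper: does `path` contain exactly `expected`? */
static int
file_matches(const char *path, const char *expected)
{
	char buf[256];
	FILE *f = fopen(path, "rb");
	if (f == NULL) {
		return 0;
	}
	size_t got = fread(buf, 1, sizeof(buf) - 1, f);
	fclose(f);
	buf[got] = '\0';
	return got == strlen(expected) && memcmp(buf, expected, got) == 0;
}

int
main(void)
{
	/* Constructed sample: a private-key file body (not real key material). */
	const char *path = "/tmp/example-key.private";
	const char *body = "Private-key-format: v1.3\nAlgorithm: 13 (ECDSAP256SHA256)\n";
	if (write_file_securely(path, body, strlen(body), 0600) != 0) {
		perror("write_file_securely");
		return 1;
	}
	printf("%s: mode 0600=%d content ok=%d\n", path,
	       file_has_mode(path, 0600), file_matches(path, body));
	return 0;
}
```

Two points worth noting when adapting this: the temporary name is built next to the target so that rename() stays within one filesystem and is therefore atomic, and the mode is set through the descriptor before any bytes are written, so there is no moment at which a partially written key file sits on disk with permissions looser than intended, which is exactly the window the filename-based chmod in the old API left open.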
lib/dns/dst_api.c
lib/dns/dst_internal.h
lib/dns/dst_parse.c
lib/dns/include/dst/dst.h
lib/isc/Makefile.am
lib/isc/fsaccess.c [deleted file]
lib/isc/fsaccess_common.c [deleted file]
lib/isc/fsaccess_common_p.h [deleted file]
lib/isc/include/isc/fsaccess.h [deleted file]
lib/isc/include/isc/types.h