Fixing issue #258, bad keyfile permissions.
This spits out a warning to the console, but ideally it would also issue a warning to the GUI for those who didn't start it from the console. N.B. the warning is a one shot thing, since it fixes the problem in a way essentially undetectable in the future, so it should be done right if it is to be done at all. Maybe we should even disable all keys automatically if the keyfile is found in an insecure state.
This commit is contained in:
parent
94835ab8ae
commit
14bf35421b
|
@ -21,6 +21,7 @@ import socket
|
||||||
import random
|
import random
|
||||||
import highlevelcrypto
|
import highlevelcrypto
|
||||||
import shared
|
import shared
|
||||||
|
import stat
|
||||||
|
|
||||||
config = ConfigParser.SafeConfigParser()
|
config = ConfigParser.SafeConfigParser()
|
||||||
myECCryptorObjects = {}
|
myECCryptorObjects = {}
|
||||||
|
@ -196,8 +197,10 @@ def reloadMyAddressHashes():
|
||||||
myAddressesByHash.clear()
|
myAddressesByHash.clear()
|
||||||
#myPrivateKeys.clear()
|
#myPrivateKeys.clear()
|
||||||
configSections = config.sections()
|
configSections = config.sections()
|
||||||
|
hasExistingKeys = False
|
||||||
for addressInKeysFile in configSections:
|
for addressInKeysFile in configSections:
|
||||||
if addressInKeysFile <> 'bitmessagesettings':
|
if addressInKeysFile <> 'bitmessagesettings':
|
||||||
|
hasExistingKeys = True
|
||||||
isEnabled = config.getboolean(addressInKeysFile, 'enabled')
|
isEnabled = config.getboolean(addressInKeysFile, 'enabled')
|
||||||
if isEnabled:
|
if isEnabled:
|
||||||
status,addressVersionNumber,streamNumber,hash = decodeAddress(addressInKeysFile)
|
status,addressVersionNumber,streamNumber,hash = decodeAddress(addressInKeysFile)
|
||||||
|
@ -208,6 +211,7 @@ def reloadMyAddressHashes():
|
||||||
myAddressesByHash[hash] = addressInKeysFile
|
myAddressesByHash[hash] = addressInKeysFile
|
||||||
else:
|
else:
|
||||||
sys.stderr.write('Error in reloadMyAddressHashes: Can\'t handle address versions other than 2 or 3.\n')
|
sys.stderr.write('Error in reloadMyAddressHashes: Can\'t handle address versions other than 2 or 3.\n')
|
||||||
|
fixKeyfilePermissions(appdata + 'keys.dat', hasExistingKeys)
|
||||||
|
|
||||||
def reloadBroadcastSendersForWhichImWatching():
|
def reloadBroadcastSendersForWhichImWatching():
|
||||||
printLock.acquire()
|
printLock.acquire()
|
||||||
|
@ -298,3 +302,26 @@ def fixPotentiallyInvalidUTF8Data(text):
|
||||||
except:
|
except:
|
||||||
output = 'Part of the message is corrupt. The message cannot be displayed the normal way.\n\n' + repr(text)
|
output = 'Part of the message is corrupt. The message cannot be displayed the normal way.\n\n' + repr(text)
|
||||||
return output
|
return output
|
||||||
|
|
||||||
|
# Fix keyfile permissions due to inappropriate umask during keys.dat creation.
|
||||||
|
def fixKeyfilePermissions(keyfile, hasExistingKeys):
|
||||||
|
present_keyfile_permissions = os.stat(keyfile)[0]
|
||||||
|
keyfile_disallowed_permissions = stat.S_IRWXG | stat.S_IRWXO
|
||||||
|
if (present_keyfile_permissions & keyfile_disallowed_permissions) != 0:
|
||||||
|
allowed_keyfile_permissions = ((1<<32)-1) ^ keyfile_disallowed_permissions
|
||||||
|
new_keyfile_permissions = (
|
||||||
|
allowed_keyfile_permissions & present_keyfile_permissions)
|
||||||
|
os.chmod(keyfile, new_keyfile_permissions)
|
||||||
|
if hasExistingKeys:
|
||||||
|
print
|
||||||
|
print '******************************************************************'
|
||||||
|
print '** !! WARNING !! **'
|
||||||
|
print '******************************************************************'
|
||||||
|
print '** Possibly major security problem: **'
|
||||||
|
print '** Your keyfiles were vulnerable to being read by other users **'
|
||||||
|
print '** (including some untrusted daemons). You may wish to consider **'
|
||||||
|
print '** generating new keys and discontinuing use of your old ones. **'
|
||||||
|
print '** The problem has been automatically fixed. **'
|
||||||
|
print '******************************************************************'
|
||||||
|
print
|
||||||
|
|
||||||
|
|
Reference in New Issue
Block a user