Fixing issue #262 & #263, bad keyfile permissions. #262

Merged
fiatflux merged 12 commits from keyfile_perm_fix into master 2013-07-15 21:51:28 +02:00
Showing only changes of commit ebaa1bf346 - Show all commits

View File

@ -8,20 +8,24 @@ maximumAgeOfNodesThatIAdvertiseToOthers = 10800 # Equals three hours
useVeryEasyProofOfWorkForTesting = False # If you set this to True while on the normal network, you won't be able to send or sometimes receive messages. useVeryEasyProofOfWorkForTesting = False # If you set this to True while on the normal network, you won't be able to send or sometimes receive messages.
import threading # Libraries.
import sys
from addresses import *
import highlevelcrypto
import Queue
import pickle
import os
import time
import ConfigParser import ConfigParser
import socket import os
import pickle
import Queue
import random import random
import socket
import sys
import stat
import threading
import time
# Project imports.
from addresses import *
from debug import logger
import highlevelcrypto import highlevelcrypto
import shared import shared
import stat
config = ConfigParser.SafeConfigParser() config = ConfigParser.SafeConfigParser()
myECCryptorObjects = {} myECCryptorObjects = {}
@ -131,12 +135,14 @@ def lookupAppdataFolder():
except KeyError: except KeyError:
dataFolder = path.join(environ["HOME"], ".config", APPNAME) dataFolder = path.join(environ["HOME"], ".config", APPNAME)
# Migrate existing data to the proper location if this is an existing install # Migrate existing data to the proper location if this is an existing install
try: if not os.path.exists(dataFolder):
print "Moving data folder to ~/.config/%s" % APPNAME try:
move(path.join(environ["HOME"], ".%s" % APPNAME), dataFolder) print "Moving data folder to ~/.config/%s" % APPNAME
dataFolder = dataFolder + '/' move(path.join(environ["HOME"], ".%s" % APPNAME), dataFolder)
except IOError: dataFolder = dataFolder
dataFolder = dataFolder + '/' except IOError:
dataFolder = dataFolder
dataFolder = dataFolder + '/'
return dataFolder return dataFolder
def isAddressInMyAddressBook(address): def isAddressInMyAddressBook(address):
@ -227,22 +233,12 @@ def reloadMyAddressHashes():
myECCryptorObjects[hash] = highlevelcrypto.makeCryptor(privEncryptionKey) myECCryptorObjects[hash] = highlevelcrypto.makeCryptor(privEncryptionKey)
myAddressesByHash[hash] = addressInKeysFile myAddressesByHash[hash] = addressInKeysFile
if not keyfileSecure:
# Insecure keyfile permissions. Disable key.
config.set(addressInKeysFile, 'enabled', 'false')
else: else:
sys.stderr.write('Error in reloadMyAddressHashes: Can\'t handle address ' sys.stderr.write('Error in reloadMyAddressHashes: Can\'t handle address '
'versions other than 2 or 3.\n') 'versions other than 2 or 3.\n')
if not keyfileSecure: if not keyfileSecure:
fixSensitiveFilePermissions(appdata + 'keys.dat', hasEnabledKeys) fixSensitiveFilePermissions(appdata + 'keys.dat', hasEnabledKeys)
if hasEnabledKeys:
try:
with open(appdata + 'keys.dat', 'wb') as keyfile:
config.write(keyfile)
except:
print 'Failed to disable vulnerable keys.'
raise
def reloadBroadcastSendersForWhichImWatching(): def reloadBroadcastSendersForWhichImWatching():
printLock.acquire() printLock.acquire()
@ -350,28 +346,10 @@ def checkSensitiveFilePermissions(filename):
# Fixes permissions on a sensitive file. # Fixes permissions on a sensitive file.
def fixSensitiveFilePermissions(filename, hasEnabledKeys): def fixSensitiveFilePermissions(filename, hasEnabledKeys):
if hasEnabledKeys: if hasEnabledKeys:
print logger.warning('Keyfile had insecure permissions, and there were enabled keys. '
print '******************************************************************' 'The truly paranoid should stop using them immediately.')
print '** !! WARNING !! **'
print '******************************************************************'
print '** Possibly major security problem: **'
print '** Your keyfile was vulnerable to being read by other users **'
print '** (including some untrusted daemons). You may wish to consider **'
print '** generating new keys and discontinuing use of your old ones. **'
print '** Your private keys have been disabled for your security, but **'
print '** you may re-enable them using the "Your Identities" tab in **'
print '** the default GUI or by modifying keys.dat such that your keys **'
print '** show "enabled = true". **'
else: else:
print '******************************************************************' logger.warning('Keyfile had insecure permissions, but there were no enabled keys.')
print '** !! WARNING !! **'
print '******************************************************************'
print '** Possibly major security problem: **'
print '** Your keyfile was vulnerable to being read by other users. **'
print '** Fortunately, you don\'t have any enabled keys, but be aware **'
print '** that any disabled keys may have been compromised by malware **'
print '** running by other users and that you should reboot before **'
print '** generating any new keys. **'
try: try:
present_permissions = os.stat(filename)[0] present_permissions = os.stat(filename)[0]
disallowed_permissions = stat.S_IRWXG | stat.S_IRWXO disallowed_permissions = stat.S_IRWXG | stat.S_IRWXO
@ -380,12 +358,9 @@ def fixSensitiveFilePermissions(filename, hasEnabledKeys):
allowed_permissions & present_permissions) allowed_permissions & present_permissions)
os.chmod(filename, new_permissions) os.chmod(filename, new_permissions)
print '** The file permissions have been automatically fixed. **' logger.info('Keyfile permissions automatically fixed.')
print '******************************************************************'
print
except Exception, e: except Exception, e:
print '** Could NOT automatically fix permissions. **' logger.exception('Keyfile permissions could not be fixed.')
print '******************************************************************'
print
raise raise