From 14bf35421bf75d26fe4799286c026a0cb7679615 Mon Sep 17 00:00:00 2001
From: Gregor Robinson
Date: Wed, 26 Jun 2013 12:28:01 +0000
Subject: [PATCH] Fixing issue #258, bad keyfile permissions. This spits out a warning to the console, but ideally it would also issue a warning to the GUI for those who didn't start it from the console. N.B. the warning is a one shot thing, since it fixes the problem in a way essentially undetectable in the future, so it should be done right if it is to be done at all. Maybe we should even disable all keys automatically if the keyfile is found in an insecure state.
---
 src/shared.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/src/shared.py b/src/shared.py
index 5dc6964b..09d0bae8 100644
--- a/src/shared.py
+++ b/src/shared.py
@@ -21,6 +21,7 @@ import socket
 import random
 import highlevelcrypto
 import shared
+import stat
 config = ConfigParser.SafeConfigParser()
 myECCryptorObjects = {}
@@ -196,8 +197,10 @@ def reloadMyAddressHashes():
 myAddressesByHash.clear()
 #myPrivateKeys.clear()
 configSections = config.sections()
+ hasExistingKeys = False
 for addressInKeysFile in configSections:
 if addressInKeysFile <> 'bitmessagesettings':
+ hasExistingKeys = True
 isEnabled = config.getboolean(addressInKeysFile, 'enabled')
 if isEnabled:
 status,addressVersionNumber,streamNumber,hash = decodeAddress(addressInKeysFile)
@@ -208,6 +211,7 @@ def reloadMyAddressHashes():
 myAddressesByHash[hash] = addressInKeysFile
 else:
 sys.stderr.write('Error in reloadMyAddressHashes: Can\'t handle address versions other than 2 or 3.\n')
+ fixKeyfilePermissions(appdata + 'keys.dat', hasExistingKeys)
 def reloadBroadcastSendersForWhichImWatching():
 printLock.acquire()
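Review bot: The `fixKeyfilePermissions(appdata + 'keys.dat', hasExistingKeys)` call added at the end of `reloadMyAddressHashes` only repairs the mode after the fact; nothing in this patch changes how keys.dat is created, so a newly written file would still take the ambient umask and stay readable by group/other until the next reload. The durable fix belongs at the creation site, which is not visible in this diff: set `os.umask(0o077)` before the first write, or create the file with `os.open(path, os.O_WRONLY | os.O_CREAT, 0o600)`. The body of `reloadMyAddressHashes` starts outside this hunk, so whether the keys have already been read by the time the repair runs is inferred from the call's position.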
@@ -298,3 +302,26 @@ def fixPotentiallyInvalidUTF8Data(text):
 except:
 output = 'Part of the message is corrupt. The message cannot be displayed the normal way.\n\n' + repr(text)
 return output
+
+# Fix keyfile permissions due to inappropriate umask during keys.dat creation.
+def fixKeyfilePermissions(keyfile, hasExistingKeys):
+ present_keyfile_permissions = os.stat(keyfile)[0]
+ keyfile_disallowed_permissions = stat.S_IRWXG | stat.S_IRWXO
+ if (present_keyfile_permissions & keyfile_disallowed_permissions) != 0:
+ allowed_keyfile_permissions = ((1<<32)-1) ^ keyfile_disallowed_permissions
+ new_keyfile_permissions = (
+ allowed_keyfile_permissions & present_keyfile_permissions)
+ os.chmod(keyfile, new_keyfile_permissions)
+ if hasExistingKeys:
+ print
+ print '******************************************************************'
+ print '** !! WARNING !! **'
+ print '******************************************************************'
+ print '** Possibly major security problem: **'
+ print '** Your keyfiles were vulnerable to being read by other users **'
+ print '** (including some untrusted daemons). You may wish to consider **'
+ print '** generating new keys and discontinuing use of your old ones. **'
+ print '** The problem has been automatically fixed. **'
+ print '******************************************************************'
+ print
+
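Review bot: `fixKeyfilePermissions` calls `os.stat` and `os.chmod` with no error handling, so a missing keys.dat or a file the process cannot chmod raises out of `reloadMyAddressHashes` instead of being reported. The check is also unreliable on Windows, where Python synthesises the group/other bits from the owner bits and `os.chmod` only toggles the read-only flag; there the test would fire on every call and the banner would claim a fix that never happened. The rewrite below skips platforms without POSIX modes, guards both calls, and masks with `stat.S_IMODE(...) & ~disallowed` instead of XOR-ing against `(1<<32)-1`, which currently passes the file-type bits through to `chmod`. Indentation is lost on this page, so the banner being nested under the permission test is assumed.

```python
def fixKeyfilePermissions(keyfile, hasExistingKeys):
    if sys.platform.startswith('win'):
        return  # group/other bits in st_mode are synthetic here; chmod cannot clear them
    try:
        present_keyfile_permissions = stat.S_IMODE(os.stat(keyfile).st_mode)
        keyfile_disallowed_permissions = stat.S_IRWXG | stat.S_IRWXO
        if (present_keyfile_permissions & keyfile_disallowed_permissions) == 0:
            return
        os.chmod(keyfile, present_keyfile_permissions & ~keyfile_disallowed_permissions)
    except OSError as err:
        sys.stderr.write('Could not check or repair permissions on %s: %s\n' % (keyfile, err))
        return
    # ... unchanged: warning banner printed when hasExistingKeys ...
```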