From e63d4ce9229e8a39355ab80d615d66983b9853a4 Mon Sep 17 00:00:00 2001
From: Daniel Wagner
Date: Thu, 24 Oct 2024 15:23:33 +0200
Subject: [PATCH] nvme: set file permission for keyfile to owner only
Since this file contains secret enforce the read/write permission limited to the owner only.
Signed-off-by: Daniel Wagner
---
 nvme.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/nvme.c b/nvme.c
index 9ba59bdd..d1107ca1 100644
--- a/nvme.c
+++ b/nvme.c
@@ -9480,6 +9480,7 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin
 const char *revoke = "Revoke key from the keyring.";
 _cleanup_file_ FILE *fd = NULL;
+ mode_t old_umask = 0;
 int cnt, err = 0;
 struct config {
@@ -9520,6 +9521,8 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin
 else
 mode = "w";
+ old_umask = umask(0);
+
 fd = fopen(cfg.keyfile, mode);
 if (!fd) {
 nvme_show_error("Cannot open keyfile %s, error %d",
@@ -9575,6 +9578,11 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin
 printf("revoking key\n");
 }
+ if (old_umask != 0 && fd) {
+ umask(old_umask);
+ chmod(cfg.keyfile, 0600);
+ }
+
 return err;
 }
--
2.50.1
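Review bot: `old_umask = umask(0);` in the second hunk clears the mask right before `fopen(cfg.keyfile, mode)`, so in write mode a newly created keyfile gets mode 0666 and stays readable and writable by every local user until the `chmod` in the last hunk runs. A restrictive mask gives the owner-only mode from the moment of creation: `old_umask = umask(0077);`, with `umask(old_umask);` directly after the `fopen` call so the mask is restored on the success and the failure path alike. As written the mask is not restored when `fopen` fails; the body of that `if (!fd)` branch continues outside the hunk, so whether this matters depends on what the process does afterwards.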
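Review bot: The guard `old_umask != 0` in the last hunk uses 0 both for "umask was never changed" and for a legitimate previous mask, so when the caller's umask is 0 the `chmod` is skipped and the keyfile keeps the 0666 mode it was created with. The result of `chmod(cfg.keyfile, 0600)` is ignored, and the call goes by path, so it can act on a different object if the path was replaced after the open; `fchmod(fileno(fd), 0600)` on the still-open stream, with its return value checked and reported like the `fopen` failure, avoids both. Any return between the `fopen` and this block would also skip the permission fix (most of `tls_key` is outside the hunks, so this is inferred), which is a further reason to apply it immediately after the open succeeds.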