oss-sec mailing list archives

Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files


From: Solar Designer <solar () openwall com>
Date: Sun, 23 Sep 2012 05:55:09 +0400

On Fri, Sep 21, 2012 at 12:37:00PM +0200, Tomas Mraz wrote:
> On Fri, 2012-09-21 at 12:20 +0200, Matthias Weckbecker wrote:
> >  # de-crypting
> >  % gpg sikrit.gpg
> >  % ll sikrit*
> >    -rw-r--r-- 1 gp users  12 Sep 17 09:41 sikrit
> >    -rw------- 1 gp users 480 Sep 17 09:40 sikrit.gpg
> [...]
> I suppose the permissions respect the user's umask so I do not think
> this is a real security issue in the gpg itself. Although using the
> permissions of the original file when creating the decrypted/encrypted
> one (still modified with the user's umask) would be more appropriate. So
> in my opinion this does not warrant a CVE but improvement in the
> upstream gnupg code would be appreciated I think.

Agreed, and the "still modified with the user's umask" portion is very
important.  I assume you mean orig.st_mode & ~umask.  With open(...,
O_CREAT | ..., orig.st_mode) this does not need to be explicit, but with
fchmod() it does.

(Sorry for stating the obvious, but I am concerned that someone might
patch GnuPG to just chmod to the original file's perms ignoring umask,
which would be a dangerous change of behavior.)

Alexander
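The open()-versus-fchmod() distinction above, as an added example that is not GnuPG code and not part of the thread. It creates an output file carrying the input file's permission bits three ways: passing the mode to open(2) with O_CREAT, where the kernel applies the umask itself; fchmod(2) with an explicit `orig.st_mode & ~umask`; and the unmasked fchmod(2) the message warns against. The test rig, the temporary directory under /tmp, the 0644 input and the 077 umask are constructed for the demonstration; the file names `sikrit` and `sikrit.gpg` are borrowed from the quoted transcript.

```c
/* Added example (not GnuPG's code): propagate an input file's permission
 * bits to a newly created output file, with and without honouring umask. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* umask(2) has no read-only form: set it to 0 and restore immediately. */
static mode_t current_umask(void)
{
    mode_t m = umask(0);
    umask(m);
    return m;
}

/* Keep only the rwx bits; drop file type and setuid/setgid/sticky. */
static mode_t perm_bits(mode_t st_mode) { return st_mode & 0777; }

/* Variant A: hand the original mode to open(2). The kernel applies the
 * umask to the O_CREAT mode argument, so no explicit masking is needed. */
int create_like_open(const char *in, const char *out)
{
    struct stat st;
    if (stat(in, &st) != 0) return -1;
    int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, perm_bits(st.st_mode));
    if (fd < 0) return -1;
    return close(fd);
}

/* Variant B: create restrictively, then fchmod(2). fchmod ignores the
 * umask, so it must be applied by hand: orig.st_mode & ~umask. */
int create_like_fchmod(const char *in, const char *out)
{
    struct stat st;
    if (stat(in, &st) != 0) return -1;
    int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    mode_t want = perm_bits(st.st_mode) & ~current_umask();
    if (fchmod(fd, want) != 0) { close(fd); unlink(out); return -1; }
    return close(fd);
}

/* The mistake the message warns against: fchmod to the original bits
 * without masking. Under a restrictive umask this widens permissions. */
int create_like_fchmod_naive(const char *in, const char *out)
{
    struct stat st;
    if (stat(in, &st) != 0) return -1;
    int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (fchmod(fd, perm_bits(st.st_mode)) != 0) { close(fd); unlink(out); return -1; }
    return close(fd);
}

/* Permission bits of path, or -1 on error. */
int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)perm_bits(st.st_mode) : -1;
}

/* Constructed test rig: in a fresh directory under /tmp, make a 0644 input,
 * switch to umask 077, run `fn`, and return the output's mode (or -1). */
static int run_case(int (*fn)(const char *, const char *))
{
    static int seq;
    char dir[64], in[96], out[96];
    int result = -1;
    snprintf(dir, sizeof dir, "/tmp/umaskdemo.%ld.%d", (long)getpid(), seq++);
    if (mkdir(dir, 0700) != 0) return -1;
    snprintf(in, sizeof in, "%s/sikrit", dir);
    snprintf(out, sizeof out, "%s/sikrit.gpg", dir);
    mode_t saved = umask(0);                 /* so the input really is 0644 */
    int fd = open(in, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd >= 0) {
        close(fd);
        umask(077);                          /* the user's restrictive umask */
        if (fn(in, out) == 0) result = mode_of(out);
        unlink(out);
    }
    unlink(in);
    rmdir(dir);
    umask(saved);
    return result;
}

int mode_via_open(void)         { return run_case(create_like_open); }
int mode_via_fchmod(void)       { return run_case(create_like_fchmod); }
int mode_via_fchmod_naive(void) { return run_case(create_like_fchmod_naive); }

int main(void)
{
    printf("open(..., orig.st_mode):        %04o\n", mode_via_open());
    printf("fchmod(orig.st_mode & ~umask):  %04o\n", mode_via_fchmod());
    printf("fchmod(orig.st_mode), no mask:  %04o\n", mode_via_fchmod_naive());
    return 0;
}
```

With a 0644 input and umask 077, the first two variants produce a 0600 output and the unmasked fchmod() produces 0644, i.e. the group/other read bits the umask was meant to strip. Creating with a restrictive mode first and widening afterwards (variant B) also avoids a window in which the file briefly exists with more permissions than intended.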

