[Mono-dev] patch for StrongName to fix minor security bug
Andrew Yates
andrewyates at gmail.com
Sat Nov 12 09:57:02 EST 2005
Hi,
It is my understanding that the key generated by "sn -k foo.snk" is a
private key used to sign assemblies, and should not be shared with
anyone other than the key's owner.
If this is the case, there is a minor security bug in sn: when it
creates the key, it creates it according to the user's umask. The
umask for most distributions is 0022 by default, so this would create
the file with rw-r-r (644) permissions, allowing anyone with access to
that computer to read the key, assuming the key's parent directories
have rwx-rx-rx (755) permissions.
The key should be created with rw - - permissions (600). Below is a
patch which chmods the key to rw - - immediately after creating it, in
order to prevent unauthorized users from taking it and compromising
security.
Andrew
--- sn.cs.old 2005-11-10 08:31:54.000000000 -0500
+++ sn.cs 2005-11-12 09:32:45.000000000 -0500
@@ -352,7 +352,14 @@
}
}
sn = new StrongName (size);
- WriteToFile (args[i],
CryptoConvert.ToCapiKeyBlob (sn.RSA, true));
+ try {
+ WriteToFile
(args[i], CryptoConvert.ToCapiKeyBlob (sn.RSA, true));
+
Mono.Unix.Native.Syscall.chmod (args[i],
(Mono.Unix.Native.FilePermissions)0x180);
+ }
+ catch {
+
Console.WriteLine("An error occurred while creating the file '{0}'.",
args[i]);
+ break;
+ }
if (!quiet)
Console.WriteLine ("A
new {0} bits strong name keypair has been generated in file '{1}'.",
size, args [i]);
break;
More information about the Mono-devel-list
mailing list