Re: bioctl: Allow passphrase files to be chmod 400

2020-06-01 Thread Klemens Nanni
On Mon, Jun 01, 2020 at 06:28:40PM -0400, Daniel Jakots wrote:
> To be sure I don't accidentally overwrite the passphrase files, I'd
> like to make them read only. The current code expects them to be
> readable and writable. I took the new code from ssh (sshkey_perm_ok
> function).
Permissions only protect you against non-root users; for more there's
chflags(1), e.g. `chflags schg ./keyfile ; sysctl kern.securelevel=1'.



bioctl: Allow passphrase files to be chmod 400

2020-06-01 Thread Daniel Jakots
Hi,

To be sure I don't accidentally overwrite the passphrase files, I'd
like to make them read only. The current code expects them to be
readable and writable. I took the new code from ssh (sshkey_perm_ok
function).

While there, I changed the error message (also based on ssh) so the
user has a better idea of what the program wants.

Index: bioctl.c
===
RCS file: /cvs/src/sbin/bioctl/bioctl.c,v
retrieving revision 1.144
diff -u -p -r1.144 bioctl.c
--- bioctl.c25 Apr 2020 14:37:43 -  1.144
+++ bioctl.c1 Jun 2020 22:10:31 -
@@ -1328,8 +1328,8 @@ derive_key(u_int32_t type, int rounds, u
err(1, "can't stat passphrase file");
if (sb.st_uid != 0)
errx(1, "passphrase file must be owned by root");
-   if ((sb.st_mode & ~S_IFMT) != (S_IRUSR | S_IWUSR))
-   errx(1, "passphrase file has the wrong permissions");
+   if ((sb.st_mode & 077) != 0)
+   errx(1, "passphrase file must not be accessible by 
others");
 
if (fgets(passphrase, sizeof(passphrase), f) == NULL)
err(1, "can't read passphrase file");
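Review bot: the replacement test `(sb.st_mode & 077) != 0` admits more than the 0400 the subject asks for. The octal mask clears only the group and other bits, so owner-execute and the setuid/setgid/sticky bits (0700, 04600, ...) now pass where the old exact comparison against `S_IRUSR | S_IWUSR` rejected them. If the goal is simply to also accept a read-only file, compare against both exact modes, e.g. `mode = sb.st_mode & ~S_IFMT; if (mode != (S_IRUSR | S_IWUSR) && mode != S_IRUSR)`, or keep the mask but additionally reject `S_IXUSR | S_ISUID | S_ISGID | S_ISVTX`. Separately, the `errx()` string literal appears wrapped across two lines in the mail as posted; make sure the committed diff keeps it on one line so the hunk applies cleanly.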


Cheers,
Daniel
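The two checks discussed in this thread, side by side, as an added example that is not part of the posted diff or of OpenBSD's bioctl. `patch_check()` reproduces the test visible in the hunk (root owner, no group/other bits); `strict_check()` is this example's own stricter variant, which additionally requires a regular file, refuses owner-execute and the setuid/setgid/sticky bits, and insists on owner read, returning a message in the style of the existing `errx()` calls. `fake_stat()` builds constructed `struct stat` buffers so no file is touched; the mode list in `main()` is likewise constructed.

```c
#define _XOPEN_SOURCE 700   /* make S_ISUID/S_ISGID/S_ISVTX visible on strict compilers */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/*
 * Build a stat buffer for a hypothetical passphrase file (constructed
 * sample, no file is opened).  Only st_uid and st_mode are consulted.
 */
struct stat
fake_stat(uid_t uid, mode_t mode)
{
	struct stat sb;

	memset(&sb, 0, sizeof(sb));
	sb.st_uid = uid;
	sb.st_mode = mode;
	return sb;
}

/* The check as it appears in the patch: reject any group/other bit. */
int
patch_check(const struct stat *sb)
{
	if (sb->st_uid != 0)
		return 0;
	if ((sb->st_mode & 077) != 0)
		return 0;
	return 1;
}

/*
 * Stricter variant (this example's assumption, not the patch): a root-owned
 * regular file with owner read set and nothing beyond owner read/write.
 * Returns NULL when acceptable, otherwise a reason suitable for errx().
 */
const char *
strict_check(const struct stat *sb)
{
	mode_t perm = sb->st_mode & ~S_IFMT;	/* drop the file-type bits */

	if (!S_ISREG(sb->st_mode))
		return "passphrase file is not a regular file";
	if (sb->st_uid != 0)
		return "passphrase file must be owned by root";
	if ((perm & 077) != 0)
		return "passphrase file must not be accessible by others";
	if ((perm & (S_IXUSR | S_ISUID | S_ISGID | S_ISVTX)) != 0)
		return "passphrase file must not be executable, setuid, setgid or sticky";
	if ((perm & S_IRUSR) == 0)
		return "passphrase file must be readable by its owner";
	return NULL;
}

int
main(void)
{
	/* constructed sample modes: the first two are the intended ones */
	const mode_t modes[] = { 0400, 0600, 0200, 0640, 0700, 04600 };
	size_t i;

	for (i = 0; i < sizeof(modes) / sizeof(modes[0]); i++) {
		struct stat sb = fake_stat(0, S_IFREG | modes[i]);
		const char *why = strict_check(&sb);

		printf("%05o  patch=%s  strict=%s\n", (unsigned)modes[i],
		    patch_check(&sb) ? "ok" : "reject",
		    why == NULL ? "ok" : why);
	}
	return 0;
}
```

Running it shows where the two tests disagree: 0700 and 04600 satisfy the patch's mask but are refused by the strict variant, and 0200 passes the patch yet cannot be read by the process that stat'ed it.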