[9.18] Replace isc_fsaccess API with more secure file creation

Ondřej Surý requested to merge 3982-remove-isc_fsaccess-API--9.18 into bind-9.18

The isc_fsaccess API was created to hide the implementation details between POSIX and Windows APIs. As we are not supporting the Windows APIs anymore, it's better to drop this API used in the DST part.

Moreover, the isc_fsaccess was setting the permissions in an insecure manner - it operated on the filename, and not on the file descriptor, which can lead to all kinds of attacks if an unprivileged user has read (or even worse write) access to the key directory.

Replace the code that operates on the private keys with code that uses mkstemp(), fchmod() and atomic rename() at the end, so at no time the private key files have insecure permissions.

Closes #3982 (closed)

Backport of MR!7766

Edited by Ondřej Surý
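
The mkstemp(), fchmod() and rename() sequence described above, as an added C example that is not code from this merge request or from BIND. The names `write_private_file` and `file_mode` are hypothetical, and the file name and contents are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, fchmod, fsync */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not BIND's code): write buf to path so that the file
 * is never visible under its final name with a mode other than 0600. */
int write_private_file(const char *path, const void *buf, size_t len) {
    char tmp[PATH_MAX];
    const char *p = buf;
    int saved, fd, n = snprintf(tmp, sizeof(tmp), "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof(tmp)) { errno = ENAMETOOLONG; return -1; }

    fd = mkstemp(tmp);               /* new file, O_EXCL, created 0600 */
    if (fd < 0) return -1;
    /* Permissions go on the descriptor: a swapped path cannot redirect this. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) goto fail;
    while (len > 0) {
        ssize_t w = write(fd, p, len);
        if (w < 0 && errno == EINTR) continue;
        if (w < 0) goto fail;
        p += w; len -= (size_t)w;
    }
    if (fsync(fd) != 0) goto fail;   /* data on disk before it is published */
    n = close(fd); fd = -1;
    if (n != 0 || rename(tmp, path) != 0) goto fail;  /* atomic publish */
    return 0;
fail:
    saved = errno;
    if (fd >= 0) close(fd);
    unlink(tmp);                     /* never leave a partial key behind */
    errno = saved;
    return -1;
}

/* Permission bits of path, or -1 if it cannot be stat'ed. */
int file_mode(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(void) {
    const char *path = "Kexample.+008+00000.private";  /* constructed name */
    if (write_private_file(path, "constructed-key-material\n", 25) != 0) return 1;
    printf("%s mode %o\n", path, (unsigned)file_mode(path));
    return unlink(path);
}
```

The temporary file is created in the same directory as the target so that rename() stays on one filesystem and remains atomic.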
