diff options
author | elara-leitstellentechnik <elara-leitstellentechnik@users.noreply.github.com> | 2023-12-08 17:25:57 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-08 16:25:57 +0000 |
commit | 10ada2ff6d2a08108edf5b4dbe6562cc9465523d (patch) | |
tree | 465854827969b72acbe8c720d9d0493ada7fa02a | |
parent | Clarify documentation for `only_for_reauth` (#16737) (diff) | |
download | synapse-10ada2ff6d2a08108edf5b4dbe6562cc9465523d.tar.xz |
Write signing keys with file mode 0640 (#16740)
Co-authored-by: Fabian Klemp <fabian.klemp@frequentis.com>
-rw-r--r-- | changelog.d/16740.bugfix | 1 | ||||
-rwxr-xr-x | synapse/_scripts/generate_signing_key.py | 13 | ||||
-rw-r--r-- | synapse/config/key.py | 8 |
3 files changed, 17 insertions, 5 deletions
diff --git a/changelog.d/16740.bugfix b/changelog.d/16740.bugfix new file mode 100644 index 0000000000..21551516e2 --- /dev/null +++ b/changelog.d/16740.bugfix @@ -0,0 +1 @@ +Fix a long-standing bug where the signing keys generated by Synapse were world-readable. Contributed by Fabian Klemp. diff --git a/synapse/_scripts/generate_signing_key.py b/synapse/_scripts/generate_signing_key.py index 3f8f5da75f..581b991505 100755 --- a/synapse/_scripts/generate_signing_key.py +++ b/synapse/_scripts/generate_signing_key.py @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. import argparse +import os import sys from signedjson.key import generate_signing_key, write_signing_keys @@ -26,15 +27,21 @@ def main() -> None: parser.add_argument( "-o", "--output_file", - type=argparse.FileType("w"), - default=sys.stdout, + type=str, + default="-", help="Where to write the output to", ) args = parser.parse_args() key_id = "a_" + random_string(4) key = (generate_signing_key(key_id),) - write_signing_keys(args.output_file, key) + if args.output_file == "-": + write_signing_keys(sys.stdout, key) + else: + with open( + args.output_file, "w", opener=lambda p, f: os.open(p, f, mode=0o640) + ) as signing_key_file: + write_signing_keys(signing_key_file, key) if __name__ == "__main__": diff --git a/synapse/config/key.py b/synapse/config/key.py index f3dc4df695..1920498cd1 100644 --- a/synapse/config/key.py +++ b/synapse/config/key.py @@ -263,7 +263,9 @@ class KeyConfig(Config): if not self.path_exists(signing_key_path): print("Generating signing key file %s" % (signing_key_path,)) - with open(signing_key_path, "w") as signing_key_file: + with open( + signing_key_path, "w", opener=lambda p, f: os.open(p, f, mode=0o640) + ) as signing_key_file: key_id = "a_" + random_string(4) write_signing_keys(signing_key_file, (generate_signing_key(key_id),)) else: @@ -274,7 +276,9 @@ class KeyConfig(Config): key = decode_signing_key_base64( NACL_ED25519, key_id, signing_keys.split("\n")[0] ) - with open(signing_key_path, "w") as signing_key_file: + with open( + signing_key_path, "w", opener=lambda p, f: os.open(p, f, mode=0o640) + ) as signing_key_file: write_signing_keys(signing_key_file, (key,)) |