diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-02-03 12:52:16 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-02-03 19:59:18 +0100 |
| commit | fdb9161cd3e1a64eb9a653a6bf69596670d6e942 (patch) | |
| tree | 1e3bf14a87ebea497cf9829d3070e02f27308749 /src/shared/util.c | |
| parent | e59749b1f8a960060b7b8e850cc79f97ddaf2db4 (diff) | |
conf-parser: warn when we open configuration files with weird access bits
Diffstat (limited to 'src/shared/util.c')
| -rw-r--r-- | src/shared/util.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/shared/util.c b/src/shared/util.c index aae587243e..f76ed6f563 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -6132,3 +6132,21 @@ int open_tmpfile(const char *path, int flags) { unlink(p); return fd; } + +int fd_warn_permissions(const char *path, int fd) { + struct stat st; + + if (fstat(fd, &st) < 0) + return -errno; + + if (st.st_mode & 0111) + log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path); + + if (st.st_mode & 0002) + log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path); + + if (getpid() == 1 && (st.st_mode & 0044) != 0044) + log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path); + + return 0; +} |