authorLennart Poettering <lennart@poettering.net>2013-04-29 19:48:03 -0300
committerLennart Poettering <lennart@poettering.net>2013-04-30 08:36:01 -0300
commit8973790ee6f62132b1b57de15c4edaef2c097004 (patch)
tree31dffe515b774f1efe4e9a20c1b23a554ea31ec5 /src
parent5954c07433b134694256b9989f2ad3f85a643976 (diff)
cryptsetup: warn if /etc/crypttab is world-readable
Diffstat (limited to 'src')
-rw-r--r--src/cryptsetup/cryptsetup-generator.c25
-rw-r--r--src/systemd/sd-bus.h2
2 files changed, 22 insertions, 5 deletions
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 228039d91f..7eae1c8c67 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -328,13 +328,13 @@ static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cm
}
int main(int argc, char *argv[]) {
+ _cleanup_strv_free_ char **arg_proc_cmdline_disks_done = NULL;
+ _cleanup_strv_free_ char **arg_proc_cmdline_disks = NULL;
+ _cleanup_free_ char *arg_proc_cmdline_keyfile = NULL;
_cleanup_fclose_ FILE *f = NULL;
unsigned n = 0;
int r = EXIT_SUCCESS;
char **i;
- _cleanup_strv_free_ char **arg_proc_cmdline_disks_done = NULL;
- _cleanup_strv_free_ char **arg_proc_cmdline_disks = NULL;
- _cleanup_free_ char *arg_proc_cmdline_keyfile = NULL;
if (argc > 1 && argc != 4) {
log_error("This program takes three or no arguments.");
@@ -357,8 +357,9 @@ int main(int argc, char *argv[]) {
return EXIT_SUCCESS;
if (arg_read_crypttab) {
- f = fopen("/etc/crypttab", "re");
+ struct stat st;
+ f = fopen("/etc/crypttab", "re");
if (!f) {
if (errno == ENOENT)
r = EXIT_SUCCESS;
@@ -366,7 +367,20 @@ int main(int argc, char *argv[]) {
r = EXIT_FAILURE;
log_error("Failed to open /etc/crypttab: %m");
}
- } else for (;;) {
+
+ goto next;
+ }
+
+ if (fstat(fileno(f), &st) < 0) {
+ log_error("Failed to stat /etc/crypttab: %m");
+ r = EXIT_FAILURE;
+ goto next;
+ }
+
+ if (st.st_mode & 0005)
+ log_warning("/etc/crypttab is world-readable. This is usually not a good idea.");
+
+ for (;;) {
char line[LINE_MAX], *l;
_cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
int k;
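Review bot: The mask in `if (st.st_mode & 0005)` also matches a file that is only world-executable, so a mode such as 0601 would produce a warning saying "world-readable" although others cannot read the file; if the read bit is what matters, `if (st.st_mode & S_IROTH)` states that exactly and avoids the bare octal literal. Taking the mode from the already-opened descriptor with fstat() rather than stat() on the path is the right choice, since the result cannot be raced against a replacement of the file. The test is silent on group-readable files; whether a group bit deserves the same warning is a policy decision, but a comment such as `/* crypttab can name key files and passwords, so other users should not be able to read it */` above the check would record why the warning exists. main() starts and ends outside this hunk, and the `next` label the two `goto next` lines jump to is introduced in a later hunk of the same file.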
@@ -420,6 +434,7 @@ int main(int argc, char *argv[]) {
}
}
+next:
STRV_FOREACH(i, arg_proc_cmdline_disks) {
/*
Generate units for those UUIDs, which were specified
diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h
index 55648e0b34..c1ec50871f 100644
--- a/src/systemd/sd-bus.h
+++ b/src/systemd/sd-bus.h
@@ -48,6 +48,8 @@ extern "C" {
*
* - enforce alignment of pointers passed in
* - negotiation for attach attributes
+ *
+ * - for kernel and unix transports allow setting the unix user/access mode for the node
*/
typedef struct sd_bus sd_bus;