diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-02-03 12:52:16 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-02-03 19:59:18 +0100 |
commit | fdb9161cd3e1a64eb9a653a6bf69596670d6e942 (patch) | |
tree | 1e3bf14a87ebea497cf9829d3070e02f27308749 /src | |
parent | e59749b1f8a960060b7b8e850cc79f97ddaf2db4 (diff) |
conf-parser: warn when we open configuration files with weird access bits
Diffstat (limited to 'src')
-rw-r--r-- | src/core/load-dropin.c | 36 | ||||
-rw-r--r-- | src/shared/conf-parser.c | 2 | ||||
-rw-r--r-- | src/shared/util.c | 18 | ||||
-rw-r--r-- | src/shared/util.h | 2 |
4 files changed, 35 insertions, 23 deletions
diff --git a/src/core/load-dropin.c b/src/core/load-dropin.c index 35040090ac..546e560b85 100644 --- a/src/core/load-dropin.c +++ b/src/core/load-dropin.c @@ -100,8 +100,8 @@ static int process_dir( UnitDependency dependency, char ***strv) { + _cleanup_free_ char *path = NULL; int r; - char *path; assert(u); assert(unit_path); @@ -112,39 +112,29 @@ static int process_dir( if (!path) return log_oom(); - if (u->manager->unit_path_cache && - !set_get(u->manager->unit_path_cache, path)) - r = 0; - else + if (!u->manager->unit_path_cache || set_get(u->manager->unit_path_cache, path)) { r = iterate_dir(u, path, dependency, strv); - free(path); - - if (r < 0) - return r; + if (r < 0) + return r; + } if (u->instance) { - char *template; + _cleanup_free_ char *template = NULL, *p = NULL; /* Also try the template dir */ template = unit_name_template(name); if (!template) return log_oom(); - path = strjoin(unit_path, "/", template, suffix, NULL); - free(template); - - if (!path) + p = strjoin(unit_path, "/", template, suffix, NULL); + if (!p) return log_oom(); - if (u->manager->unit_path_cache && - !set_get(u->manager->unit_path_cache, path)) - r = 0; - else - r = iterate_dir(u, path, dependency, strv); - free(path); - - if (r < 0) - return r; + if (!u->manager->unit_path_cache || set_get(u->manager->unit_path_cache, p)) { + r = iterate_dir(u, p, dependency, strv); + if (r < 0) + return r; + } } return 0; diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c index df4e961ea0..d5a639e874 100644 --- a/src/shared/conf-parser.c +++ b/src/shared/conf-parser.c @@ -332,6 +332,8 @@ int config_parse(const char *unit, } } + fd_warn_permissions(filename, fileno(f)); + while (!feof(f)) { char l[LINE_MAX], *p, *c = NULL, *e; bool escaped = false; diff --git a/src/shared/util.c b/src/shared/util.c index aae587243e..f76ed6f563 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -6132,3 +6132,21 @@ int open_tmpfile(const char *path, int flags) { unlink(p); return fd; } + +int fd_warn_permissions(const char *path, int fd) { + struct stat st; + + if (fstat(fd, &st) < 0) + return -errno; + + if (st.st_mode & 0111) + log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path); + + if (st.st_mode & 0002) + log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path); + + if (getpid() == 1 && (st.st_mode & 0044) != 0044) + log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path); + + return 0; +} diff --git a/src/shared/util.h b/src/shared/util.h index e4de4728bd..219e4897b3 100644 --- a/src/shared/util.h +++ b/src/shared/util.h @@ -867,3 +867,5 @@ int writev_safe(int fd, const struct iovec *w, int j); int mkostemp_safe(char *pattern, int flags); int open_tmpfile(const char *path, int flags); + +int fd_warn_permissions(const char *path, int fd); |