diff options
| -rw-r--r-- | src/core/load-dropin.c | 36 | ||||
| -rw-r--r-- | src/shared/conf-parser.c | 2 | ||||
| -rw-r--r-- | src/shared/util.c | 18 | ||||
| -rw-r--r-- | src/shared/util.h | 2 | 
4 files changed, 35 insertions, 23 deletions
| diff --git a/src/core/load-dropin.c b/src/core/load-dropin.c index 35040090ac..546e560b85 100644 --- a/src/core/load-dropin.c +++ b/src/core/load-dropin.c @@ -100,8 +100,8 @@ static int process_dir(                  UnitDependency dependency,                  char ***strv) { +        _cleanup_free_ char *path = NULL;          int r; -        char *path;          assert(u);          assert(unit_path); @@ -112,39 +112,29 @@ static int process_dir(          if (!path)                  return log_oom(); -        if (u->manager->unit_path_cache && -            !set_get(u->manager->unit_path_cache, path)) -                r = 0; -        else +        if (!u->manager->unit_path_cache || set_get(u->manager->unit_path_cache, path)) {                  r = iterate_dir(u, path, dependency, strv); -        free(path); - -        if (r < 0) -                return r; +                if (r < 0) +                        return r; +        }          if (u->instance) { -                char *template; +                _cleanup_free_ char *template = NULL, *p = NULL;                  /* Also try the template dir */                  template = unit_name_template(name);                  if (!template)                          return log_oom(); -                path = strjoin(unit_path, "/", template, suffix, NULL); -                free(template); - -                if (!path) +                p = strjoin(unit_path, "/", template, suffix, NULL); +                if (!p)                          return log_oom(); -                if (u->manager->unit_path_cache && -                    !set_get(u->manager->unit_path_cache, path)) -                        r = 0; -                else -                        r = iterate_dir(u, path, dependency, strv); -                free(path); - -                if (r < 0) -                        return r; +                if (!u->manager->unit_path_cache || set_get(u->manager->unit_path_cache, p)) { +                        r = iterate_dir(u, p, dependency, strv); +                        if (r < 0) +                                return r; +                }          }          return 0; diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c index df4e961ea0..d5a639e874 100644 --- a/src/shared/conf-parser.c +++ b/src/shared/conf-parser.c @@ -332,6 +332,8 @@ int config_parse(const char *unit,                  }          } +        fd_warn_permissions(filename, fileno(f)); +          while (!feof(f)) {                  char l[LINE_MAX], *p, *c = NULL, *e;                  bool escaped = false; diff --git a/src/shared/util.c b/src/shared/util.c index aae587243e..f76ed6f563 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -6132,3 +6132,21 @@ int open_tmpfile(const char *path, int flags) {          unlink(p);          return fd;  } + +int fd_warn_permissions(const char *path, int fd) { +        struct stat st; + +        if (fstat(fd, &st) < 0) +                return -errno; + +        if (st.st_mode & 0111) +                log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path); + +        if (st.st_mode & 0002) +                log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path); + +        if (getpid() == 1 && (st.st_mode & 0044) != 0044) +                log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path); + +        return 0; +} diff --git a/src/shared/util.h b/src/shared/util.h index e4de4728bd..219e4897b3 100644 --- a/src/shared/util.h +++ b/src/shared/util.h @@ -867,3 +867,5 @@ int writev_safe(int fd, const struct iovec *w, int j);  int mkostemp_safe(char *pattern, int flags);  int open_tmpfile(const char *path, int flags); + +int fd_warn_permissions(const char *path, int fd); | 
