fileio: add explicit flag for generating world executable warning when reading file
parent
2e3e2750bb
commit
f294470262
|
@ -505,7 +505,7 @@ int read_full_stream_full(
|
|||
if (st.st_size > 0)
|
||||
n_next = st.st_size + 1;
|
||||
|
||||
if (flags & READ_FULL_FILE_SECURE)
|
||||
if (flags & READ_FULL_FILE_WARN_WORLD_READABLE)
|
||||
(void) warn_file_is_world_accessible(filename, &st, NULL, 0);
|
||||
}
|
||||
}
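Review bot: The permission warning in read_full_stream_full() is now gated on `READ_FULL_FILE_WARN_WORLD_READABLE` instead of `READ_FULL_FILE_SECURE`, so a caller that passes only `READ_FULL_FILE_SECURE` no longer gets a warning when its secret file is world-accessible. This page shows only the macsec and wireguard call sites being updated, so any other `READ_FULL_FILE_SECURE` users should be audited before merging. The check is also advisory: the result is cast to `(void)` and the read proceeds regardless, which deserves a comment such as `/* Only logs a warning; the file is still read if it is world-accessible */`. The function body starts and ends outside this hunk.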
|
||||
|
|
|
@ -32,9 +32,10 @@ typedef enum {
|
|||
} WriteStringFileFlags;
|
||||
|
||||
typedef enum {
|
||||
READ_FULL_FILE_SECURE = 1 << 0,
|
||||
READ_FULL_FILE_UNBASE64 = 1 << 1,
|
||||
READ_FULL_FILE_UNHEX = 1 << 2,
|
||||
READ_FULL_FILE_SECURE = 1 << 0,
|
||||
READ_FULL_FILE_UNBASE64 = 1 << 1,
|
||||
READ_FULL_FILE_UNHEX = 1 << 2,
|
||||
READ_FULL_FILE_WARN_WORLD_READABLE = 1 << 3,
|
||||
} ReadFullFileFlags;
|
||||
|
||||
int fopen_unlocked(const char *path, const char *options, FILE **ret);
|
||||
|
|
|
@ -983,7 +983,7 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
|
|||
|
||||
(void) warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0);
|
||||
|
||||
r = read_full_file_full(AT_FDCWD, sa->key_file, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX, (char **) &key, &key_len);
|
||||
r = read_full_file_full(AT_FDCWD, sa->key_file, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX | READ_FULL_FILE_WARN_WORLD_READABLE, (char **) &key, &key_len);
|
||||
if (r < 0)
|
||||
return log_netdev_error_errno(netdev, r,
|
||||
"Failed to read key from '%s', ignoring: %m",
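Review bot: The explicit `(void) warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0);` above the read stays as a context line while the call now also passes `READ_FULL_FILE_WARN_WORLD_READABLE`, so the same key file is probably checked and warned about twice: once here and once inside read_full_stream_full(), assuming the file name is passed through to it. Drop one of the two. Keeping only the flag would apparently also let the check use the `st` that the fileio hunk passes for the already opened stream, rather than a separate lookup by path. The wireguard_read_key_file() hunk has the same pairing. macsec_read_key_file() starts and ends outside this hunk.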
|
||||
|
|
|
@ -888,7 +888,7 @@ static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_
|
|||
|
||||
(void) warn_file_is_world_accessible(filename, NULL, NULL, 0);
|
||||
|
||||
r = read_full_file_full(AT_FDCWD, filename, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64, &key, &key_len);
|
||||
r = read_full_file_full(AT_FDCWD, filename, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_WARN_WORLD_READABLE, &key, &key_len);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|