fs-util: add stat_warn_permissions() that operates on struct stat instead of fd
This commit is contained in:
parent
7183b22f12
commit
22ed4a6d9a
|
@ -353,26 +353,36 @@ int fchmod_opath(int fd, mode_t m) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int stat_warn_permissions(const char *path, const struct stat *st) {
|
||||||
|
assert(path);
|
||||||
|
assert(st);
|
||||||
|
|
||||||
|
/* Don't complain if we are reading something that is not a file, for example /dev/null */
|
||||||
|
if (!S_ISREG(st->st_mode))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if (st->st_mode & 0111)
|
||||||
|
log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path);
|
||||||
|
|
||||||
|
if (st->st_mode & 0002)
|
||||||
|
log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path);
|
||||||
|
|
||||||
|
if (getpid_cached() == 1 && (st->st_mode & 0044) != 0044)
|
||||||
|
log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int fd_warn_permissions(const char *path, int fd) {
|
int fd_warn_permissions(const char *path, int fd) {
|
||||||
struct stat st;
|
struct stat st;
|
||||||
|
|
||||||
|
assert(path);
|
||||||
|
assert(fd >= 0);
|
||||||
|
|
||||||
if (fstat(fd, &st) < 0)
|
if (fstat(fd, &st) < 0)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
/* Don't complain if we are reading something that is not a file, for example /dev/null */
|
return stat_warn_permissions(path, &st);
|
||||||
if (!S_ISREG(st.st_mode))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (st.st_mode & 0111)
|
|
||||||
log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path);
|
|
||||||
|
|
||||||
if (st.st_mode & 0002)
|
|
||||||
log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path);
|
|
||||||
|
|
||||||
if (getpid_cached() == 1 && (st.st_mode & 0044) != 0044)
|
|
||||||
log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) {
|
int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) {
|
||||||
|
|
|
@ -40,6 +40,7 @@ int fchmod_umask(int fd, mode_t mode);
|
||||||
int fchmod_opath(int fd, mode_t m);
|
int fchmod_opath(int fd, mode_t m);
|
||||||
|
|
||||||
int fd_warn_permissions(const char *path, int fd);
|
int fd_warn_permissions(const char *path, int fd);
|
||||||
|
int stat_warn_permissions(const char *path, const struct stat *st);
|
||||||
|
|
||||||
#define laccess(path, mode) faccessat(AT_FDCWD, (path), (mode), AT_SYMLINK_NOFOLLOW)
|
#define laccess(path, mode) faccessat(AT_FDCWD, (path), (mode), AT_SYMLINK_NOFOLLOW)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue