picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

conf-parser: warn when we open configuration files with weird access bits

Browse source
This commit is contained in:
Lennart Poettering 2014-02-03 12:52:16 +01:00
parent e59749b1f8
commit fdb9161cd3
4 changed files with 35 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
src/core/load-dropin.c
View file

@ -100,8 +100,8 @@ static int process_dir(
UnitDependency dependency,
char ***strv) {
_cleanup_free_ char *path = NULL;
int r;
char *path;
assert(u);
assert(unit_path);
@ -112,39 +112,29 @@ static int process_dir(
if (!path)
return log_oom();
if (u->manager->unit_path_cache &&
!set_get(u->manager->unit_path_cache, path))
r = 0;
else
if (!u->manager->unit_path_cache || set_get(u->manager->unit_path_cache, path)) {
r = iterate_dir(u, path, dependency, strv);
free(path);
if (r < 0)
return r;
if (r < 0)
return r;
}
if (u->instance) {
char *template;
_cleanup_free_ char *template = NULL, *p = NULL;
/* Also try the template dir */
template = unit_name_template(name);
if (!template)
return log_oom();
path = strjoin(unit_path, "/", template, suffix, NULL);
free(template);
if (!path)
p = strjoin(unit_path, "/", template, suffix, NULL);
if (!p)
return log_oom();
if (u->manager->unit_path_cache &&
!set_get(u->manager->unit_path_cache, path))
r = 0;
else
r = iterate_dir(u, path, dependency, strv);
free(path);
if (r < 0)
return r;
if (!u->manager->unit_path_cache || set_get(u->manager->unit_path_cache, p)) {
r = iterate_dir(u, p, dependency, strv);
if (r < 0)
return r;
}
}
return 0;

2
src/shared/conf-parser.c
View file

@ -332,6 +332,8 @@ int config_parse(const char *unit,
}
}
fd_warn_permissions(filename, fileno(f));
while (!feof(f)) {
char l[LINE_MAX], *p, *c = NULL, *e;
bool escaped = false;

18
src/shared/util.c
View file

@ -6132,3 +6132,21 @@ int open_tmpfile(const char *path, int flags) {
unlink(p);
return fd;
}
int fd_warn_permissions(const char *path, int fd) {
struct stat st;
if (fstat(fd, &st) < 0)
return -errno;
if (st.st_mode & 0111)
log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path);
if (st.st_mode & 0002)
log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path);
if (getpid() == 1 && (st.st_mode & 0044) != 0044)
log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path);
return 0;
}

2
src/shared/util.h
View file

@ -867,3 +867,5 @@ int writev_safe(int fd, const struct iovec *w, int j);
int mkostemp_safe(char *pattern, int flags);
int open_tmpfile(const char *path, int flags);
int fd_warn_permissions(const char *path, int fd);