keys+nts: warn if loading world-readable/writable key

Log a warning message if the file specified by the keyfile or
ntsserverkey directive is world-readable or writable, which is likely
an insecure misconfiguration. There is no check of directories
containing the file.
Miroslav Lichvar
2023-01-19 16:09:40 +01:00
parent 88e711ad9a
commit 9cba9c8585
4 changed files with 32 additions and 0 deletions

23
util.c

@@ -1248,6 +1248,29 @@ UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid)
/* ================================================== */
int
UTI_CheckFilePermissions(const char *path, mode_t perm)
{
mode_t extra_perm;
struct stat buf;
if (stat(path, &buf) < 0 || !S_ISREG(buf.st_mode)) {
/* Not considered an error */
return 1;
}
extra_perm = (buf.st_mode & 0777) & ~perm;
if (extra_perm != 0) {
LOG(LOGS_WARN, "%s permissions on %s", extra_perm & 0006 ?
(extra_perm & 0004 ? "World-readable" : "World-writable") : "Wrong", path);
return 0;
}
return 1;
}
/* ================================================== */
static int
join_path(const char *basedir, const char *name, const char *suffix,
char *buffer, size_t length, LOG_Severity severity)
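Review bot: In the `LOG` call of `UTI_CheckFilePermissions`, a key file that is both world-readable and world-writable (e.g. mode 0666) is reported only as "World-readable" because the `0004` bit is tested first, so the operator is not told that other local users could also modify the key. Testing the write bit first, `extra_perm & 0002 ? "World-writable" : "World-readable"`, or including the offending bits in the message with `%o`, would make the warning reflect the worse condition. Separately, the check calls `stat()` on the path, so it follows symlinks and describes whatever the path names at check time; the callers are not visible here, but if they open the file afterwards, an `fstat()` on the opened descriptor would tie the warning to the file actually read. The function also returns 1 when `stat()` fails or the target is not a regular file, so a comment above it such as `/* Returns 0 only if a regular file has permission bits outside perm; 1 otherwise, including when the file cannot be checked */` would spell out the contract for callers.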