authorYu Watanabe <watanabe.yu+github@gmail.com>2019-04-08 14:15:10 +0900
committerYu Watanabe <watanabe.yu+github@gmail.com>2019-04-09 15:50:22 +0900
commit50caae7b92b787ea938df736b0d29349839f138e (patch)
tree89ee89a3a4bd53302df8b7f5162b453be7d71222 /src/basic
parent7a309a8c63a5b090f093e561dadc47b576afa569 (diff)
fileio: read_full_file_full() also warns when file is world readable and secure flag is set
Diffstat (limited to 'src/basic')
-rw-r--r--src/basic/fileio.c6
-rw-r--r--src/basic/fileio.h4
2 files changed, 7 insertions, 3 deletions
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index 7196516b9e..78928979e9 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -266,6 +266,7 @@ int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {
int read_full_stream_full(
FILE *f,
+ const char *filename,
ReadFullFileFlags flags,
char **ret_contents,
size_t *ret_size) {
@@ -298,6 +299,9 @@ int read_full_stream_full(
* already makes us notice the EOF. */
if (st.st_size > 0)
n_next = st.st_size + 1;
+
+ if (flags & READ_FULL_FILE_SECURE)
+ (void) warn_file_is_world_accessible(filename, &st, NULL, 0);
}
}
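Review bot: The `READ_FULL_FILE_SECURE` check added here is advisory only: the result of `warn_file_is_world_accessible()` is cast to `(void)` and the read proceeds, so a world-accessible secret file is still loaded and callers cannot tell that the warning fired. The call also sits inside a nested conditional block that opens above this hunk, so any stream that does not take that branch is not checked at all. `filename` may be NULL for callers that only hold a stream (the `read_full_stream()` wrapper in fileio.h passes NULL, although with flags 0); whether the helper copes with a NULL path when the secure flag is set is not visible here and should be confirmed. I would record the contract next to the call, for example `/* Advisory: warn only, never fail the read; filename is used for the message and may be NULL. */`, and repeat the NULL-is-allowed note on the prototype in fileio.h.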
@@ -388,7 +392,7 @@ int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **co
(void) __fsetlocking(f, FSETLOCKING_BYCALLER);
- return read_full_stream_full(f, flags, contents, size);
+ return read_full_stream_full(f, filename, flags, contents, size);
}
int executable_is_script(const char *path, char **interpreter) {
diff --git a/src/basic/fileio.h b/src/basic/fileio.h
index 93e972c2ee..6add67750a 100644
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@@ -48,9 +48,9 @@ int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **co
static inline int read_full_file(const char *filename, char **contents, size_t *size) {
return read_full_file_full(filename, 0, contents, size);
}
-int read_full_stream_full(FILE *f, ReadFullFileFlags flags, char **contents, size_t *size);
+int read_full_stream_full(FILE *f, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size);
static inline int read_full_stream(FILE *f, char **contents, size_t *size) {
- return read_full_stream_full(f, 0, contents, size);
+ return read_full_stream_full(f, NULL, 0, contents, size);
}
int verify_file(const char *fn, const char *blob, bool accept_extra_nl);