diff options
author | Lennart Poettering <lennart@poettering.net> | 2020-11-04 16:21:26 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2020-12-01 14:17:46 +0100 |
commit | e5de42e6f26a0323bd4ac027140c1dc075b664fb (patch) | |
tree | f6a34a533d6f16dacd00aa4953b3c95ab1581e06 /src/journal-remote/journal-remote-main.c | |
parent | 8b3c3a49739d6fc10b8d0805b7ede9a330cf7d95 (diff) | |
download | systemd-e5de42e6f26a0323bd4ac027140c1dc075b664fb.tar.gz |
journal-remote: use READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE when reading PEM secret key
It's secret data, hence use the appropriate flags.
Diffstat (limited to 'src/journal-remote/journal-remote-main.c')
-rw-r--r-- | src/journal-remote/journal-remote-main.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c index 16759aa6b5..a78896c14f 100644 --- a/src/journal-remote/journal-remote-main.c +++ b/src/journal-remote/journal-remote-main.c @@ -1078,7 +1078,11 @@ static int parse_argv(int argc, char *argv[]) { static int load_certificates(char **key, char **cert, char **trust) { int r; - r = read_full_file_full(AT_FDCWD, arg_key ?: PRIV_KEY_FILE, READ_FULL_FILE_CONNECT_SOCKET, NULL, key, NULL); + r = read_full_file_full( + AT_FDCWD, arg_key ?: PRIV_KEY_FILE, + READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET, + NULL, + key, NULL); if (r < 0) return log_error_errno(r, "Failed to read key from file '%s': %m", arg_key ?: PRIV_KEY_FILE); |