journal-remote: use READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE when reading PEM secret key

It's secret data, hence use the appropriate flags.
author: Lennart Poettering <lennart@poettering.net> 2020-11-04 16:21:26 +0100
committer: Lennart Poettering <lennart@poettering.net> 2020-12-01 14:17:46 +0100
commit: e5de42e6f26a0323bd4ac027140c1dc075b664fb (patch)
tree: f6a34a533d6f16dacd00aa4953b3c95ab1581e06 /src/journal-remote/journal-remote-main.c
parent: 8b3c3a49739d6fc10b8d0805b7ede9a330cf7d95 (diff)
download: systemd-e5de42e6f26a0323bd4ac027140c1dc075b664fb.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index 16759aa6b5..a78896c14f 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -1078,7 +1078,11 @@ static int parse_argv(int argc, char *argv[]) {
 static int load_certificates(char **key, char **cert, char **trust) {
         int r;
 
-        r = read_full_file_full(AT_FDCWD, arg_key ?: PRIV_KEY_FILE, READ_FULL_FILE_CONNECT_SOCKET, NULL, key, NULL);
+        r = read_full_file_full(
+                        AT_FDCWD, arg_key ?: PRIV_KEY_FILE,
+                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET,
+                        NULL,
+                        key, NULL);
         if (r < 0)
                 return log_error_errno(r, "Failed to read key from file '%s': %m",
                                        arg_key ?: PRIV_KEY_FILE);
author	Lennart Poettering <lennart@poettering.net>	2020-11-04 16:21:26 +0100
committer	Lennart Poettering <lennart@poettering.net>	2020-12-01 14:17:46 +0100
commit	e5de42e6f26a0323bd4ac027140c1dc075b664fb (patch)
tree	f6a34a533d6f16dacd00aa4953b3c95ab1581e06 /src/journal-remote/journal-remote-main.c
parent	8b3c3a49739d6fc10b8d0805b7ede9a330cf7d95 (diff)
download	systemd-e5de42e6f26a0323bd4ac027140c1dc075b664fb.tar.gz