mkswap: add warnings for insecure device permissions/owners

author Wayne R. Roth <wayneroth42@gmail.com>

Wed, 20 Jan 2016 06:09:37 +0000 (22:09 -0800)

committer Karel Zak <kzak@redhat.com>

Tue, 26 Jan 2016 10:26:00 +0000 (11:26 +0100)
author Wayne R. Roth <wayneroth42@gmail.com>
Wed, 20 Jan 2016 06:09:37 +0000 (22:09 -0800)
committer Karel Zak <kzak@redhat.com>
Tue, 26 Jan 2016 10:26:00 +0000 (11:26 +0100)
diff --git a/disk-utils/mkswap.c b/disk-utils/mkswap.c

index c559e60e4431fc76bbc36cbb865d03421d0825d3..22999dafb92c4145ba0a42e4822e41052b26d4d3 100644 (file)
--- a/disk-utils/mkswap.c
+++ b/disk-utils/mkswap.c
@@ -344,7 +344,7 @@ static void write_header_to_device(struct mkswap_control *ctl)
  int main(int argc, char **argv)
  {
         struct mkswap_control ctl = { .fd = -1 };
-       int c;
+       int c, permMask;
         uint64_t sz;
         int version = SWAP_VERSION;
         char *block_count = NULL, *strsz = NULL;
@@ -464,6 +464,15 @@ int main(int argc, char **argv)
                         ctl.devname);
  
         open_device(&ctl);
+       permMask = S_ISBLK(ctl.devstat.st_mode) ? 07007 : 07077;
+       if ((ctl.devstat.st_mode & permMask) != 0)
+               warnx(_("%s: insecure permissions %04o, %04o suggested."),
+                       ctl.devname, ctl.devstat.st_mode & 07777,
+                       ~permMask & 0666);
+       if (getuid() == 0 && S_ISREG(ctl.devstat.st_mode) && ctl.devstat.st_uid != 0)
+               warnx(_("%s: insecure file owner %d, 0 (root) suggested."),
+                       ctl.devname, ctl.devstat.st_uid);
+
  
         if (ctl.check)
                 check_blocks(&ctl);
author	Wayne R. Roth <wayneroth42@gmail.com>
	Wed, 20 Jan 2016 06:09:37 +0000 (22:09 -0800)
committer	Karel Zak <kzak@redhat.com>
	Tue, 26 Jan 2016 10:26:00 +0000 (11:26 +0100)