fileio: add explicit flag for generating world executable warning when reading file
authorLennart Poettering <lennart@poettering.net>
Fri, 17 Jul 2020 09:53:22 +0000 (11:53 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 21 Jul 2020 07:56:44 +0000 (09:56 +0200)
src/basic/fileio.c
src/basic/fileio.h
src/network/netdev/macsec.c
src/network/netdev/wireguard.c

index f2f1e1139f7adfd0122b344834285f8d3231b389..6478a14097de28f2fc1cf2fae3bc99451f9997d5 100644 (file)
@@ -505,7 +505,7 @@ int read_full_stream_full(
                         if (st.st_size > 0)
                                 n_next = st.st_size + 1;
 
-                        if (flags & READ_FULL_FILE_SECURE)
+                        if (flags & READ_FULL_FILE_WARN_WORLD_READABLE)
                                 (void) warn_file_is_world_accessible(filename, &st, NULL, 0);
                 }
         }
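Review bot: With the test switched to `READ_FULL_FILE_WARN_WORLD_READABLE`, any caller that passes only `READ_FULL_FILE_SECURE` stops getting the permission warning, and this commit updates just the macsec and wireguard call sites. The remaining `READ_FULL_FILE_SECURE` users should be checked one by one to decide whether they read secret material that should keep the warning. The result of `warn_file_is_world_accessible()` is still discarded with `(void)`, so the flag is advisory only; a comment such as `/* advisory: a lax mode is logged, the read still proceeds */` above the call would make that explicit. The enclosing block of read_full_stream_full() starts outside the hunk.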
index e2830b7963eb0902c2af2865d494e75d2782bef4..4ce51265157ab350a7ca11ccafe124246e4a7dec 100644 (file)
@@ -32,9 +32,10 @@ typedef enum {
 } WriteStringFileFlags;
 
 typedef enum {
-        READ_FULL_FILE_SECURE   = 1 << 0,
-        READ_FULL_FILE_UNBASE64 = 1 << 1,
-        READ_FULL_FILE_UNHEX    = 1 << 2,
+        READ_FULL_FILE_SECURE              = 1 << 0,
+        READ_FULL_FILE_UNBASE64            = 1 << 1,
+        READ_FULL_FILE_UNHEX               = 1 << 2,
+        READ_FULL_FILE_WARN_WORLD_READABLE = 1 << 3,
 } ReadFullFileFlags;
 
 int fopen_unlocked(const char *path, const char *options, FILE **ret);
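Review bot: The new enumerator `READ_FULL_FILE_WARN_WORLD_READABLE` has no comment, and its name disagrees with both the helper it triggers (`warn_file_is_world_accessible`) and the commit title ("world executable"), so a reader of the header cannot tell which mode bits are checked. I would add a trailing comment, e.g. `/* log a warning if the file is accessible to others; never fails the read */`, and one on `READ_FULL_FILE_SECURE` stating what it still covers now that the warning is a separate flag. Which bits the helper actually tests is not visible here, so the wording should be confirmed against its implementation.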
index 57d8f567b9650e9201875725b61da0770d7265bc..ab55a4a48947196ce62496e43660d47d682fb1bb 100644 (file)
@@ -983,7 +983,7 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
 
         (void) warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0);
 
-        r = read_full_file_full(AT_FDCWD, sa->key_file, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX, (char **) &key, &key_len);
+        r = read_full_file_full(AT_FDCWD, sa->key_file, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX | READ_FULL_FILE_WARN_WORLD_READABLE, (char **) &key, &key_len);
         if (r < 0)
                 return log_netdev_error_errno(netdev, r,
                                               "Failed to read key from '%s', ignoring: %m",
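Review bot: The line just above the changed call already runs `warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0)`, so also passing `READ_FULL_FILE_WARN_WORLD_READABLE` likely logs the same warning twice for one key file, assuming read_full_file_full() reaches the check in read_full_stream_full(). The flag-driven check is handed the `st` already gathered while reading, whereas the explicit call presumably looks the file up by path before it is opened and can describe a different file if the path is replaced in between. I would drop the explicit call and rely on the flag. The same pair appears in wireguard_read_key_file() in src/network/netdev/wireguard.c. macsec_read_key_file() starts and ends outside the hunk.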
index b6af9925b745fdca415bf7068bf5ae1eeefa1aa2..9636ac77367d8c2f1a1b8ccf39c1caa2e87d051c 100644 (file)
@@ -888,7 +888,7 @@ static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_
 
         (void) warn_file_is_world_accessible(filename, NULL, NULL, 0);
 
-        r = read_full_file_full(AT_FDCWD, filename, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64, &key, &key_len);
+        r = read_full_file_full(AT_FDCWD, filename, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_WARN_WORLD_READABLE, &key, &key_len);
         if (r < 0)
                 return r;