]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 39b7b6c)
network: also check the permission of key file
authorYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 11 Sep 2019 09:09:55 +0000 (18:09 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 11 Sep 2019 12:11:01 +0000 (21:11 +0900)
src/network/netdev/macsec.c patch | blob | blame | history
src/network/netdev/wireguard.c patch | blob | blame | history

diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c
index cf281e75a6d456ff512c896be5cd4d507b85a6ab..d1d65a69bfa010136ac7756d452759931672336f 100644 (file)
--- a/src/network/netdev/macsec.c
+++ b/src/network/netdev/macsec.c
@@ -981,6 +981,8 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
         if (!sa->key_file)
                 return 0;
 
+        (void) warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0);
+
         r = read_full_file_full(sa->key_file, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX, (char **) &key, &key_len);
         if (r < 0)
                 return log_netdev_error_errno(netdev, r,
diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
index 913ee2a0589772e1b0260a6009dceffb7741cf92..a40b32d148ef10446d70f7f996f01fd34e30e5e5 100644 (file)
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -901,6 +901,8 @@ static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_
 
         assert(dest);
 
+        (void) warn_file_is_world_accessible(filename, NULL, NULL, 0);
+
         r = read_full_file_full(filename, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64, &key, &key_len);
         if (r < 0)
                 return r;
Unnamed repository; edit this file 'description' to name the repository.