/* callbacks= */ NULL, /* callback_args= */ NULL,
(char**) argv,
ge,
- EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID);
+ EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS | EXEC_DIR_SET_SYSTEMD_EXEC_PID | EXEC_DIR_WARN_WORLD_WRITABLE);
}
static int manager_run_generators(Manager *m) {
log_debug("About to execute %s%s%s", t, argv ? " " : "", argv ? strnull(args) : "");
}
+ if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) {
+ struct stat st;
+
+ r = stat(t, &st);
+ if (r < 0)
+ log_warning_errno(errno, "Failed to stat '%s', ignoring: %m", t);
+ else if (S_ISREG(st.st_mode) && (st.st_mode & 0002))
+ log_warning("'%s' is marked world-writable, which is a security risk as it "
+ "is executed with privileges. Please remove world writability "
+ "permission bits. Proceeding anyway.", t);
+ }
+
r = do_spawn(t, argv, fd, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID), &pid);
if (r <= 0)
continue;
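Review bot: The added `EXEC_DIR_WARN_WORLD_WRITABLE` branch inspects only the other-write bit (`st.st_mode & 0002`) of the file at `t`, so an executable that is group-writable, owned by an unprivileged user, or located in a world-writable directory passes without a warning although it can be replaced just as easily. The check is also a `stat()` by path followed by a separate spawn by path, so the mode that was inspected is not guaranteed to belong to what `do_spawn()` actually runs; that is tolerable for a warn-only branch, but it should be written down so nobody later treats it as enforcement. I would add a comment above the block such as `/* Best-effort diagnostic only: looks at the other-write bit of the stat()ed target, not at ownership or parent directories, and is not atomic with the spawn below. */`. The enclosing function starts and ends outside the hunk, so whether `t` is already constrained to trusted directories cannot be confirmed from here.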
EXEC_DIR_IGNORE_ERRORS = 1 << 1, /* Ignore non-zero exit status of scripts */
EXEC_DIR_SET_SYSTEMD_EXEC_PID = 1 << 2, /* Set $SYSTEMD_EXEC_PID environment variable */
EXEC_DIR_SKIP_REMAINING = 1 << 3, /* Ignore remaining executions when one exit with 77. */
+ EXEC_DIR_WARN_WORLD_WRITABLE = 1 << 4, /* Warn if world writable files are found */
} ExecDirFlags;
typedef enum ExecCommandFlags {