author | Henning Brauer <henning@cvs.openbsd.org> | 2004-02-10 23:10:24 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2004-02-10 23:10:24 +0000 |
commit | cdff644cf8c0b0b4f53e6bd7a0f9cb7bd3dd5d54 (patch) | |
tree | bae2582802d0264fb27bbfb8acea6122fe204296 /usr.sbin/bgpd/config.c | |
parent | 18249894734f5a95ee65b8eff5bd3413e879d422 (diff) |
enforce config file secrecy (correct owner, no rights for group/world)
help and ok theo
Diffstat (limited to 'usr.sbin/bgpd/config.c')
-rw-r--r-- | usr.sbin/bgpd/config.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/usr.sbin/bgpd/config.c b/usr.sbin/bgpd/config.c
index e9fab2a4b4c..b96706ba913 100644
--- a/usr.sbin/bgpd/config.c
+++ b/usr.sbin/bgpd/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.27 2004/02/03 22:28:05 henning Exp $ */
+/* $OpenBSD: config.c,v 1.28 2004/02/10 23:10:23 henning Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -18,6 +18,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/mman.h>
 #include <errno.h>
@@ -89,3 +90,26 @@ get_bgpid(void)
 return (ip);
 }
+
+int
+check_file_secrecy(int fd, const char *fname)
+{
+ struct stat st;
+
+ if (fstat(fd, &st)) {
+ log_warn("cannot stat %s", fname);
+ return (-1);
+ }
+
+ if (st.st_uid != 0 && st.st_uid != getuid()) {
+ log_warnx("%s: owner not root or current user", fname);
+ return (-1);
+ }
+
+ if (st.st_mode & (S_IRWXG | S_IRWXO)) {
+ log_warnx("%s: group/world readable/writeable", fname);
+ return (-1);
+ }
+
+ return (0);
+}
|
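Review bot: check_file_secrecy() in the third hunk carries no comment stating its contract, and the one property callers must respect is left unwritten: the owner and mode checks hold only for the descriptor passed in, so the configuration has to be parsed from that same fd rather than by reopening `fname`, which would reintroduce a check-to-use race. I would add above the function `/* fd must be the descriptor the config is then read from; returns 0 if owned by root or getuid() with no group/world bits set, -1 after logging otherwise */`. The caller is not part of this diff (the diffstat is limited to config.c), so whether it reuses the descriptor cannot be confirmed here. As a smaller point, the mask `S_IRWXG | S_IRWXO` also rejects execute bits while the warning names only read and write, so the text could read `"%s: group/world accessible"`.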