author | Henning Brauer <henning@cvs.openbsd.org> | 2014-01-22 00:21:18 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2014-01-22 00:21:18 +0000 |
commit | 446a42e5f7ee4fa1cf899b4250aa68b5e39ce002 (patch) | |
tree | f1d1d7294c34aa1208f8253af417724454c3050a /usr.sbin | |
parent | 17a9845a120b50421e5f393c539c2623e9e5818e (diff) |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/bgpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/dvmrpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/hostapd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ifstated/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ldapd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ldpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ospf6d/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ospfd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/relayd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ripd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/smtpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/snmpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ypldap/parse.y | 6 |
13 files changed, 39 insertions, 39 deletions
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index c7e90c0b500..ce2241a2835 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.270 2013/11/25 12:53:27 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.271 2014/01/22 00:21:16 henning Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -2505,8 +2505,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writeable", fname); return (-1); } return (0); diff --git a/usr.sbin/dvmrpd/parse.y b/usr.sbin/dvmrpd/parse.y index e19a32dc53a..be48ffaed8f 100644 --- a/usr.sbin/dvmrpd/parse.y +++ b/usr.sbin/dvmrpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.25 2013/11/25 12:54:14 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.26 2014/01/22 00:21:16 henning Exp $ */ /* * Copyright (c) 2004, 2005, 2006 Esben Norby <norby@openbsd.org> @@ -660,8 +660,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/hostapd/parse.y b/usr.sbin/hostapd/parse.y index 8be163219e6..4914b7b45cd 100644 --- a/usr.sbin/hostapd/parse.y +++ b/usr.sbin/hostapd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.44 2013/11/25 12:55:01 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.45 2014/01/22 00:21:16 henning Exp $ */ /* * Copyright (c) 2004, 2005, 2006 Reyk Floeter <reyk@openbsd.org> 
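Review bot: With group read now accepted in bgpd's check_file_secrecy, nothing visible in this hunk constrains which group owns the file: the test just above covers only the owner, so any member of the file's group can read whatever secrets the config holds. The function starts outside the hunk, so an earlier gid test cannot be ruled out, but if there is none a comment above the mask test would record the decision, e.g. `/* group read is deliberately allowed; st_gid is not checked, so the file's group must be trusted with the config's secrets */`. The same applies to the identical hunks in the other twelve parse.y files. Separately, the new mask also rejects group-execute and world-execute bits, which the message does not name, and bgpd alone spells it `writeable` where the others use `writable`.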
@@ -1678,8 +1678,8 @@ check_file_secrecy(int fd, const char *fname) warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/ifstated/parse.y b/usr.sbin/ifstated/parse.y index 97ee32c89f6..4a3215387e9 100644 --- a/usr.sbin/ifstated/parse.y +++ b/usr.sbin/ifstated/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.32 2013/11/25 12:55:44 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.33 2014/01/22 00:21:16 henning Exp $ */ /* * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org> @@ -658,8 +658,8 @@ check_file_secrecy(int fd, const char *fname) warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/ldapd/parse.y b/usr.sbin/ldapd/parse.y index fab865cdc99..797f8b9f6b0 100644 --- a/usr.sbin/ldapd/parse.y +++ b/usr.sbin/ldapd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.11 2013/11/25 12:56:41 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.12 2014/01/22 00:21:16 henning Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martinh@openbsd.org> @@ -709,8 +709,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/ldpd/parse.y b/usr.sbin/ldpd/parse.y index b497e383980..443e12671b1 100644 --- a/usr.sbin/ldpd/parse.y 
+++ b/usr.sbin/ldpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.19 2013/11/25 12:57:42 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.20 2014/01/22 00:21:16 henning Exp $ */ /* * Copyright (c) 2004, 2005, 2008 Esben Norby <norby@openbsd.org> @@ -675,8 +675,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/ospf6d/parse.y b/usr.sbin/ospf6d/parse.y index a96f518755e..bad15fe7bed 100644 --- a/usr.sbin/ospf6d/parse.y +++ b/usr.sbin/ospf6d/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.23 2013/11/25 12:59:13 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.24 2014/01/22 00:21:16 henning Exp $ */ /* * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> @@ -830,8 +830,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/ospfd/parse.y b/usr.sbin/ospfd/parse.y index 55b596e5bed..fc3d9265c05 100644 --- a/usr.sbin/ospfd/parse.y +++ b/usr.sbin/ospfd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.75 2013/11/25 12:59:34 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.76 2014/01/22 00:21:16 henning Exp $ */ /* * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> 
@@ -1015,8 +1015,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y index a252074e13d..a5e759ad015 100644 --- a/usr.sbin/relayd/parse.y +++ b/usr.sbin/relayd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.174 2014/01/21 21:38:40 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.175 2014/01/22 00:21:16 henning Exp $ */ /* * Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org> @@ -2192,8 +2192,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/ripd/parse.y b/usr.sbin/ripd/parse.y index df973c98751..225f7da5fa0 100644 --- a/usr.sbin/ripd/parse.y +++ b/usr.sbin/ripd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.30 2013/11/25 13:00:27 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.31 2014/01/22 00:21:17 henning Exp $ */ /* * Copyright (c) 2006 Michele Marchetto <mydecay@openbeer.it> @@ -684,8 +684,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y index d324964d25b..38d8062fe07 100644 
--- a/usr.sbin/smtpd/parse.y +++ b/usr.sbin/smtpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.135 2013/12/26 17:25:32 eric Exp $ */ +/* $OpenBSD: parse.y,v 1.136 2014/01/22 00:21:17 henning Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -1451,8 +1451,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("warn: %s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("warn: %s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/snmpd/parse.y b/usr.sbin/snmpd/parse.y index 24a7916d322..69b45cd0bf6 100644 --- a/usr.sbin/snmpd/parse.y +++ b/usr.sbin/snmpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.28 2013/11/25 13:00:56 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.29 2014/01/22 00:21:17 henning Exp $ */ /* * Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org> @@ -813,8 +813,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); diff --git a/usr.sbin/ypldap/parse.y b/usr.sbin/ypldap/parse.y index f717704be93..be2ffcb3bc9 100644 --- a/usr.sbin/ypldap/parse.y +++ b/usr.sbin/ypldap/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.13 2013/11/25 13:01:18 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.14 2014/01/22 00:21:17 henning Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> 
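Review bot: In smtpd's check_file_secrecy the new message drops the `warn: ` prefix that the owner check just above it still carries (`"warn: %s: owner not root or current user"`), so two rejections from the same function are logged in different formats. If operators or log filters for this daemon key on that prefix, the permission failure becomes the one that is easier to miss. Keeping it as `log_warnx("warn: %s: group writable or world read/writable", fname);` preserves the convention; the function body starts outside the hunk, so other callers of the prefix are not visible here.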
@@ -654,8 +654,8 @@ check_file_secrecy(int fd, const char *fname) log_warnx("%s: owner not root or current user", fname); return (-1); } - if (st.st_mode & (S_IRWXG | S_IRWXO)) { - log_warnx("%s: group/world readable/writeable", fname); + if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) { + log_warnx("%s: group writable or world read/writable", fname); return (-1); } return (0); |