From: Maxime Villard <rustyBSD@gmx.fr>

Hi, we should check the permissions of the conf file. For example (really stupid situation): If the user mischmoded his conf file, a guy who have physical access could obtain root access by launching a program in root (after having modified paths in conf file); or a guy with ssh access, ... SVN revision: 76519
2012-09-12 11:49:46 +00:00 · 2012-09-12 11:49:46 +00:00 · eb5cd99f6b
parent e81c385e57
commit eb5cd99f6b
1 changed files with 19 additions and 0 deletions
--- a/src/bin/e_sys_main.c
+++ b/src/bin/e_sys_main.c
@ -28,6 +28,7 @@ static int auth_action_ok(char *a,
 static int auth_etc_enlightenment_sysactions(char *a,
                                             char *u,
                                             char **g);
+static void auth_etc_enlightenment_sysactions_perm(char *path);
 static char *get_word(char *s,
                      char *d);

@ -439,6 +440,9 @@ auth_etc_enlightenment_sysactions(char *a,
        f = fopen(file, "r");
        if (!f) return 0;
     }
+
+   auth_etc_enlightenment_sysactions_perm(file);
+
   while (fgets(buf, sizeof(buf), f))
     {
        line++;
@ -529,6 +533,21 @@ done:
   return ok;
 }

+static void
+auth_etc_enlightenment_sysactions_perm(char *path)
+{
+   struct stat st;
+   if (stat(path, &st) == -1)
+     return;
+
+   if ((st.st_mode & S_IWGRP) || (st.st_mode & S_IXGRP) ||
+       (st.st_mode & S_IWOTH) || (st.st_mode & S_IXOTH))
+     {
+        printf("ERROR: CONFIGURATION FILE HAS BAD PERMISSIONS\n");
+        exit(10);
+     }
+}
+
 static char *
 get_word(char *s,
         char *d)