From eb5cd99f6bccf79386f743a30258c17a28a7afc6 Mon Sep 17 00:00:00 2001
From: Maxime Villard <rustyBSD@gmx.fr>
Date: Wed, 12 Sep 2012 11:49:46 +0000
Subject: [PATCH] From: Maxime Villard <rustyBSD@gmx.fr>

Hi,
 we should check the permissions of the conf file.

 For example (really stupid situation):
 If the user mischmoded his conf file, a guy who have
 physical access could obtain root access by launching
 a program in root (after having modified paths in conf
 file); or a guy with ssh access, ...


SVN revision: 76519
---
 src/bin/e_sys_main.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/bin/e_sys_main.c b/src/bin/e_sys_main.c
index 2b9f80831..ea2779fe8 100644
--- a/src/bin/e_sys_main.c
+++ b/src/bin/e_sys_main.c
@@ -28,6 +28,7 @@ static int auth_action_ok(char *a,
 static int auth_etc_enlightenment_sysactions(char *a,
                                              char *u,
                                              char **g);
+static void auth_etc_enlightenment_sysactions_perm(char *path);
 static char *get_word(char *s,
                       char *d);
 
@@ -439,6 +440,9 @@ auth_etc_enlightenment_sysactions(char *a,
         f = fopen(file, "r");
         if (!f) return 0;
      }
+
+   auth_etc_enlightenment_sysactions_perm(file);
+
    while (fgets(buf, sizeof(buf), f))
      {
         line++;
@@ -529,6 +533,21 @@ done:
    return ok;
 }
 
+static void
+auth_etc_enlightenment_sysactions_perm(char *path)
+{
+   struct stat st;
+   if (stat(path, &st) == -1)
+     return;
+
+   if ((st.st_mode & S_IWGRP) || (st.st_mode & S_IXGRP) ||
+       (st.st_mode & S_IWOTH) || (st.st_mode & S_IXOTH))
+     {
+        printf("ERROR: CONFIGURATION FILE HAS BAD PERMISSIONS\n");
+        exit(10);
+     }
+}
+
 static char *
 get_word(char *s,
          char *d)