Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 23 |
1 files changed, 21 insertions, 2 deletions
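--- a/readconf.c
+++ b/readconf.c
@@ -851,11 +851,30 @@ read_config_file(const char *filename, const char *host, Options *options,
 
 if (checkperm) {
 struct stat sb;
+int bad_modes = 0;
 
 if (fstat(fileno(f), &sb) == -1)
 fatal("fstat %s: %s", filename, strerror(errno));
-if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
-(sb.st_mode & 022) != 0))
+if (sb.st_uid != 0 && sb.st_uid != getuid())
+bad_modes = 1;
+if ((sb.st_mode & 020) != 0) {
+/* If the file is group-writable, the group in
+* question must have at most one member, namely the
+* file's owner.
+*/
+struct passwd *pw = getpwuid(sb.st_uid);
+struct group *gr = getgrgid(sb.st_gid);
+if (!pw || !gr)
+bad_modes = 1;
+else if (gr->gr_mem[0]) {
+if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+gr->gr_mem[1])
+bad_modes = 1;
+}
+}
+if ((sb.st_mode & 002) != 0)
+bad_modes = 1;
+if (bad_modes)
 fatal("Bad owner or permissions on %s", filename);
 }
 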
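Review bot: The group-writable branch accepts any group whose `gr_mem` list is empty, but `getgrgid()` normally reports only supplementary members there, so accounts that have `sb.st_gid` as their primary group in the passwd database are never counted. A group-writable config whose group is some other user's primary group therefore passes the check even though that user can write the file. The empty-list case should at least confirm the group is the owner's own primary group, for example `else if (pw->pw_gid != sb.st_gid) bad_modes = 1;` after the `gr->gr_mem[0]` block. Even then, other passwd entries sharing that gid would go undetected unless the passwd database is enumerated, so I would add a comment stating that the check assumes a user-private-group setup. `read_config_file` begins and ends outside this hunk, so whether `<pwd.h>` and `<grp.h>` are already included cannot be confirmed from here.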