summaryrefslogtreecommitdiff
path: root/readconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c23
1 files changed, 21 insertions, 2 deletions
diff --git a/readconf.c b/readconf.c
index 6c0511519..be14cd5b8 100644
--- a/readconf.c
+++ b/readconf.c
@@ -851,11 +851,30 @@ read_config_file(const char *filename, const char *host, Options *options,
851 851
852 if (checkperm) { 852 if (checkperm) {
853 struct stat sb; 853 struct stat sb;
854 int bad_modes = 0;
854 855
855 if (fstat(fileno(f), &sb) == -1) 856 if (fstat(fileno(f), &sb) == -1)
856 fatal("fstat %s: %s", filename, strerror(errno)); 857 fatal("fstat %s: %s", filename, strerror(errno));
857 if (((sb.st_uid != 0 && sb.st_uid != getuid()) || 858 if (sb.st_uid != 0 && sb.st_uid != getuid())
858 (sb.st_mode & 022) != 0)) 859 bad_modes = 1;
860 if ((sb.st_mode & 020) != 0) {
861 /* If the file is group-writable, the group in
862 * question must have at most one member, namely the
863 * file's owner.
864 */
865 struct passwd *pw = getpwuid(sb.st_uid);
866 struct group *gr = getgrgid(sb.st_gid);
867 if (!pw || !gr)
868 bad_modes = 1;
869 else if (gr->gr_mem[0]) {
870 if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
871 gr->gr_mem[1])
872 bad_modes = 1;
873 }
874 }
875 if ((sb.st_mode & 002) != 0)
876 bad_modes = 1;
877 if (bad_modes)
859 fatal("Bad owner or permissions on %s", filename); 878 fatal("Bad owner or permissions on %s", filename);
860 } 879 }
861 880