Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 22 |
1 files changed, 1 insertions, 21 deletions
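--- a/readconf.c
+++ b/readconf.c
@@ -1002,30 +1002,10 @@ read_config_file(const char *filename, const char *host, Options *options,
 
 if (checkperm) {
 struct stat sb;
-int bad_modes = 0;
 
 if (fstat(fileno(f), &sb) == -1)
 fatal("fstat %s: %s", filename, strerror(errno));
-if (sb.st_uid != 0 && sb.st_uid != getuid())
-bad_modes = 1;
-if ((sb.st_mode & 020) != 0) {
-/* If the file is group-writable, the group in
-* question must have at most one member, namely the
-* file's owner.
-*/
-struct passwd *pw = getpwuid(sb.st_uid);
-struct group *gr = getgrgid(sb.st_gid);
-if (!pw || !gr)
-bad_modes = 1;
-else if (gr->gr_mem[0]) {
-if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
-gr->gr_mem[1])
-bad_modes = 1;
-}
-}
-if ((sb.st_mode & 002) != 0)
-bad_modes = 1;
-if (bad_modes)
+if (!secure_permissions(&sb, getuid()))
 fatal("Bad owner or permissions on %s", filename);
 }
 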
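Review bot: The new call `if (!secure_permissions(&sb, getuid()))` in the `checkperm` branch now carries the whole ownership and mode policy for the config file, but nothing at the call site says what that policy is, and the helper's definition is not in this hunk. The removed lines accepted an owner of root or the calling uid, rejected world-writable files, and allowed group-write only when the group listed no member other than the file's owner, failing closed when `getpwuid()` or `getgrgid()` returned NULL. It is worth confirming the helper keeps all of these, in particular that root ownership is still accepted when only `getuid()` is passed. Assuming it does, I would add a short comment above the call such as `/* owner must be root or us; no world write; group write only for a single-member group */` so the rule removed with the old inline comment stays visible here. read_config_file's body begins and ends outside the hunk.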