===================================================================
RCS file: /cvs/cvs/blind/config.c,v
retrieving revision 1.5
retrieving revision 1.7
diff -u -p -r1.5 -r1.7
--- blind/config.c 2022/03/22 02:04:40 1.5
+++ blind/config.c 2022/03/29 20:14:23 1.7
@@ -14,13 +14,17 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
+#include
+
 #include
 #include
+#include
 #include "blind.h"
 #include "log.h"
-struct blind * config_init(void);
+struct blind * config_init(void);
+int config_perm(int, const char *);
 struct blind *
 config_init(void)
@@ -35,7 +39,26 @@ config_init(void)
 cfg->bl_ttl = BL_TTL;
 cfg->bl_opt = BL_OPT_DEFAULT;
- cfg->bl_flg = BL_FLG_DEFAULT;
 return cfg;
+}
+
+int
+config_perm(int fd, const char *name)
+{
+ struct stat st;
+
+ if (fstat(fd, &st)) {
+ log_debug("cannot stat config file");
+ return (-1);
+ }
+ if (st.st_uid != 0 && st.st_uid != getuid()) {
+ log_debug("not root or current user owned");
+ return (-1);
+ }
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_debug("insecure config file");
+ return (-1);
+ }
+ return (0);
 }
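Review bot: In the second hunk, config_perm() never uses its `name` parameter, so the three rejection messages do not say which file was refused, and they are emitted only through log_debug(), which an operator running without debug output presumably never sees. Put the name into each message, e.g. `log_debug("%s: insecure config file", name);` (assuming log_debug() takes a printf-style format; log.h is not shown), and consider reporting a refused config at a level that is visible by default. The function also accepts any file type, so adding `if (!S_ISREG(st.st_mode)) return (-1);` right after the fstat() would reject directories, FIFOs and devices before the ownership test. Checking with fstat() on the already-open descriptor rather than stat() on the path is the right choice and should be kept, since it tests the object that will actually be read.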