===================================================================
RCS file: /cvs/cvs/blind/config.c,v
retrieving revision 1.4
retrieving revision 1.8
diff -u -p -r1.4 -r1.8
--- blind/config.c 2022/03/19 07:42:12 1.4
+++ blind/config.c 2022/04/03 11:01:52 1.8
@@ -14,13 +14,17 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
+#include
+
 #include
 #include
+#include
 #include "blind.h"
 #include "log.h"
-struct blind * config_init(void);
+struct blind * config_init(void);
+int config_perm(int, const char *);
 struct blind *
 config_init(void)
@@ -30,12 +34,31 @@ config_init(void)
 if ((cfg = calloc(1, sizeof(*cfg))) == NULL)
 return cfg;
- if (strlcpy(cfg->bl_sock, BL_SOCK, PATH_MAX) >= PATH_MAX)
- log_fatal("socket file name exceeds PATH_MAX");
-
- cfg->bl_ttl = BL_TTL;
- cfg->bl_opt = BL_OPT_DEFAULT;
- cfg->bl_flg = BL_FLG_DEFAULT;
+ if (strlcpy(cfg->bl_sock, BL_SOCK, PATH_MAX) >= PATH_MAX)
+ log_fatal("socket file name exceeds PATH_MAX");
+ cfg->bl_ttl = BL_TTL;
+ cfg->bl_opt = BL_OPT_DEFAULT;
+ return cfg;
+}
+
+int
+config_perm(int fd, const char *name)
+{
+ struct stat st;
+
+ if (fstat(fd, &st)) {
+ log_debug("cannot stat config file");
+ return (-1);
+ }
+ if (st.st_uid != 0 && st.st_uid != getuid()) {
+ log_debug("not root or current user owned");
+ return (-1);
+ }
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_debug("insecure config file");
+ return (-1);
+ }
+ return (0);
 }
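Review bot: `config_perm()` accepts `name` but never uses it, and all three rejection paths log a fixed string through `log_debug()`, so a config file refused for ownership or mode leaves no record of which file it was and, for the `fstat()` failure, no errno. If `log_debug` takes a printf-style format (not visible in this hunk), a message such as `log_debug("%s: group writable/executable or world accessible", name);` would make the refusal actionable, and a failed security check arguably deserves a level that is visible without debugging enabled. The function also accepts any file type that passes the owner and mode tests; adding `if (!S_ISREG(st.st_mode)) return (-1);` right after the `fstat()` would keep FIFOs and device nodes from being treated as a configuration file. Separately, the hunk drops `cfg->bl_flg = BL_FLG_DEFAULT;` from `config_init()`, which leaves that field at calloc's zero if it still exists in `struct blind`; it is worth confirming that this is intended. `config_init()` starts above this hunk.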