author | Simo Sorce <simo@redhat.com> | 2014-04-19 17:06:30 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-04-28 21:57:11 +0200 |
commit | a5f79cce8abc74beec0c27c477c046bb6cbe7101 (patch) | |
tree | fb47df991dd16f7cb7790b4a15d8b912728eb03c /src/util | |
parent | 9a592ee3fc195f20732c6b1f90894a0be25ccc19 (diff) | |
confdb: Change file checks for config file
We only really care that the file is readable by the owner and not
accessible by group or others. We do not really care whether the owner
can write/execute the file or not, so we mask out those perms.
Resolves:
https://bugzilla.redhat.com/1089098
Resolves:
https://fedorahosted.org/sssd/ticket/2321
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/sss_ini.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
index 89b133da0..63b96f287 100644
--- a/src/util/sss_ini.c
+++ b/src/util/sss_ini.c
@@ -120,7 +120,8 @@ int sss_ini_config_file_open(struct sss_ini_initdata *init_data,
 &init_data->file);
 #elif defined(HAVE_LIBINI_CONFIG_V0)
 return check_and_open_readonly(config_file, &init_data->file, 0, 0,
- S_IFREG|S_IRUSR|S_IWUSR, 0);
+ S_IFREG|S_IRUSR, /* f r**------ */
+ S_IFMT|(ALLPERMS & ~(S_IWUSR|S_IXUSR)));
 #endif
 }
@@ -137,8 +138,8 @@ int sss_ini_config_access_check(struct sss_ini_initdata *init_data)
 INI_ACCESS_CHECK_GID,
 0, /* owned by root */
 0, /* owned by root */
- (S_IRUSR|S_IWUSR), /* rw------- */
- 0); /* check all there parts */
+ S_IRUSR, /* r**------ */
+ ALLPERMS & ~(S_IWUSR|S_IXUSR));
 #elif defined(HAVE_LIBINI_CONFIG_V0)
 return EOK;
 #endif |
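Review bot: `ALLPERMS` in the new mask argument is a glibc/BSD extension from `<sys/stat.h>`, not a POSIX macro, so this line (and the matching one in sss_ini_config_access_check in the next hunk) may fail to compile on a libc that omits it; no fallback is visible in the hunk. A guarded definition near the includes would cover that: `#ifndef ALLPERMS` / `#define ALLPERMS (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO)` / `#endif`. The `/* f r**------ */` comment is also terse for a security check; something like `/* required: regular file, owner-readable */` on the mode and `/* compared: type, special bits, group/other; owner w/x ignored */` on the mask would state the policy. The body of sss_ini_config_file_open begins outside the hunk.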
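Review bot: The mask argument in sss_ini_config_access_check lost its comment when `0); /* check all there parts */` was replaced, so a reader no longer sees which bits are compared; I would add `/* compare everything except owner write/execute */` after `ALLPERMS & ~(S_IWUSR|S_IXUSR));`. The mask now also carries the setuid/setgid/sticky bits, and whether ini_config_access_check honours bits outside the rwx set is not visible here, so it is worth confirming that a config file with one of those bits set is rejected as intended. The call starts above the hunk.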