summaryrefslogtreecommitdiffstats
path: root/source/param
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2000-03-16 20:55:37 +0000
committerJeremy Allison <jra@samba.org>2000-03-16 20:55:37 +0000
commit3b8cbb10de322fd7a1063fb5b681790b10d24ab0 (patch)
tree216c14fc7592e3041a7c975f8e9e0f856a5ad811 /source/param
parentd97f5d57d07b03c1df69099625b9d3faabe3f605 (diff)
downloadsamba-3b8cbb10de322fd7a1063fb5b681790b10d24ab0.tar.gz
samba-3b8cbb10de322fd7a1063fb5b681790b10d24ab0.tar.xz
samba-3b8cbb10de322fd7a1063fb5b681790b10d24ab0.zip
Fixes to add "paranoid" option to popen. Checks some basic things.
Jeremy
Diffstat (limited to 'source/param')
-rw-r--r--source/param/loadparm.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 48dc6cf123a..4f6178a5690 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -2039,7 +2039,7 @@ static BOOL handle_source_env(char *pszParmValue,char **ptr)
DEBUG(4, ("handle_source_env: source env from pipe\n"));
p++;
- if ((env = sys_popen(p, "r")) == NULL) {
+ if ((env = sys_popen(p, "r", True)) == NULL) {
DEBUG(0,("handle_source_env: Failed to popen %s. Error was %s\n", p, strerror(errno) ));
return(False);
}
@@ -2050,11 +2050,29 @@ static BOOL handle_source_env(char *pszParmValue,char **ptr)
} else {
+ SMB_STRUCT_STAT st;
+
DEBUG(4, ("handle_source_env: source env from file %s\n", fname));
if ((env = sys_fopen(fname, "r")) == NULL) {
DEBUG(0,("handle_source_env: Failed to open file %s, Error was %s\n", fname, strerror(errno) ));
return(False);
}
+
+ /*
+ * Ensure this file is owned by root and not writable by world.
+ */
+ if(fstat(fileno(env), &st) != 0) {
+ DEBUG(0,("handle_source_env: Failed to stat file %s, Error was %s\n", fname, strerror(errno) ));
+ fclose(env);
+ return False;
+ }
+
+ if((st.st_uid != (uid_t)0) || (st.st_mode & S_IWOTH)) {
+ DEBUG(0,("handle_source_env: unsafe to source env file %s. Not owned by root or world writable\n", fname ));
+ fclose(env);
+ return False;
+ }
+
result=source_env(env);
fclose(env);
}