author | Lennart Poettering <lennart@poettering.net> | 2013-04-30 00:48:03 +0200 |
committer | Lennart Poettering <lennart@poettering.net> | 2013-04-30 13:36:01 +0200 |
commit | 8973790ee6f62132b1b57de15c4edaef2c097004 (patch) | |
tree | 31dffe515b774f1efe4e9a20c1b23a554ea31ec5 /src/cryptsetup | |
parent | cgroup: do not allow manipulating the cgroup path of units within the systemd... (diff) | |
cryptsetup: warn if /etc/crypttab is world-readable
Diffstat (limited to 'src/cryptsetup')
-rw-r--r-- | src/cryptsetup/cryptsetup-generator.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 228039d91f..7eae1c8c67 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -328,13 +328,13 @@ static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cm
 }
 int main(int argc, char *argv[]) {
+ _cleanup_strv_free_ char **arg_proc_cmdline_disks_done = NULL;
+ _cleanup_strv_free_ char **arg_proc_cmdline_disks = NULL;
+ _cleanup_free_ char *arg_proc_cmdline_keyfile = NULL;
 _cleanup_fclose_ FILE *f = NULL;
 unsigned n = 0;
 int r = EXIT_SUCCESS;
 char **i;
- _cleanup_strv_free_ char **arg_proc_cmdline_disks_done = NULL;
- _cleanup_strv_free_ char **arg_proc_cmdline_disks = NULL;
- _cleanup_free_ char *arg_proc_cmdline_keyfile = NULL;
 if (argc > 1 && argc != 4) {
 log_error("This program takes three or no arguments.");
@@ -357,8 +357,9 @@ int main(int argc, char *argv[]) {
 return EXIT_SUCCESS;
 if (arg_read_crypttab) {
- f = fopen("/etc/crypttab", "re");
+ struct stat st;
+ f = fopen("/etc/crypttab", "re");
 if (!f) {
 if (errno == ENOENT)
 r = EXIT_SUCCESS;
@@ -366,7 +367,20 @@ int main(int argc, char *argv[]) {
 r = EXIT_FAILURE;
 log_error("Failed to open /etc/crypttab: %m");
 }
- } else for (;;) {
+
+ goto next;
+ }
+
+ if (fstat(fileno(f), &st) < 0) { log_error("Failed to stat /etc/crypttab: %m"); r = EXIT_FAILURE; goto next;
+ }
+
+ if (st.st_mode & 0005)
+ log_warning("/etc/crypttab is world-readable. This is usually not a good idea.");
+
+ for (;;) {
 char line[LINE_MAX], *l;
 _cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
 int k;
@@ -420,6 +434,7 @@ int main(int argc, char *argv[]) {
 }
 }
+next:
 STRV_FOREACH(i, arg_proc_cmdline_disks) {
 /* Generate units for those UUIDs, which were specified |
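Review bot: The mask `0005` in the new permission check (third hunk) covers both the other-read and the other-execute bit, so a file with mode 0001 would trigger a warning that says "world-readable" even though it is not; `if (st.st_mode & S_IROTH)` matches the message exactly and replaces the magic octal with the name the file already has in scope through struct stat. A world-writable /etc/crypttab is the more serious condition for a file that is parsed as root at boot, and it currently produces no warning at all; a second check such as `if (st.st_mode & S_IWOTH) log_warning("/etc/crypttab is world-writable. This is usually not a good idea.");` would cover it. Checking the already-opened stream with fstat(fileno(f), ...) rather than stat() on the path is the right choice, since it inspects the file actually being read. Note that main() begins and ends outside this hunk, so the `next:` label target is only partly visible here.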