Fabio/ddclient
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #413 from oddlama/develop

Browse source 
Improve warnings about ddclient.conf permissions. (fixes #348)
This commit is contained in:
Sandro 2022-05-15 22:10:17 +02:00 committed by GitHub
commit 833828334e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
ddclient.in
View file

@ -1425,14 +1425,21 @@ sub _read_config {
if (!open(FD, "< $file")) {
warning("Cannot open file '%s'. (%s)", $file, $!);
}
# Check for only owner has any access to config file
# If file is owned by our effective uid, ensure that it has no access for group or others.
# Otherwise, require that it isn't writable when not owned by us. For example allow it to
# be owned by root:ddclient with mode 640. Always ensure that it is not accessible to others.
my ($dev, $ino, $mode, @statrest) = stat(FD);
if ($mode & 077) {
if ($mode & 077 && -o FD) {
if (-f FD && (chmod 0600, $file)) {
warning("file %s must be accessible only by its owner (fixed).", $file);
} else {
warning("file %s must be accessible only by its owner.", $file);
warning("file $file must be accessible only by its owner (fixed).");
}
warning("file $file must be accessible only by its owner.");
} elsif (! -o FD && -w FD) {
warning("file $file should be owned only by ddclient or not be writable.");
}
if ($mode & 07) {
warning("file $file must not be accessible by others.");
}
local $lineno = 0;