Annotation of /trunk/ddclient/patches/ddclient-3.7.0-reasonable-security.patch
Parent Directory | Revision Log
Revision 144 -
(hide annotations)
(download)
Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
File size: 858 byte(s)
Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
File size: 858 byte(s)
-import
1 | niro | 144 | --- ddclient 2006-04-11 10:14:16.000000000 +0100 |
2 | +++ ddclient 2006-04-11 20:31:14.000000000 +0100 | ||
3 | @@ -776,15 +776,10 @@ | ||
4 | # fatal("Cannot open file '%s'. ($!)", $file); | ||
5 | warning("Cannot open file '%s'. ($!)", $file); | ||
6 | } | ||
7 | - # Check for only owner has any access to config file | ||
8 | + # Guard against world-readability of config file | ||
9 | my ($dev, $ino, $mode, @statrest) = stat(FD); | ||
10 | - if ($mode & 077) { | ||
11 | - if (-f FD && (chmod 0600, $file)) { | ||
12 | - warning("file $file must be accessible only by its owner (fixed)."); | ||
13 | - } else { | ||
14 | - # fatal("file $file must be accessible only by its owner."); | ||
15 | - warning("file $file must be accessible only by its owner."); | ||
16 | - } | ||
17 | + if ($mode & 007) { | ||
18 | + fatal("Must not be world-accessible\nchange its permissions using e.g.\nchmod 640", $file); | ||
19 | } | ||
20 | |||
21 | local $lineno = 0; |