tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Don't parse properties from unsafe files.

Browse source 
Don't set properties from files that are unsafe (world-writable
or group-writable)

Change-Id: I8da539c6446b10596be1d7c2014e4b9aea13e3fd
This commit is contained in:
Nick Kralevich 2012-01-18 10:39:01 -08:00
parent ee508560cc
commit 38f368c1b3
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
init/util.c
View file

@ -129,11 +129,23 @@ void *read_file(const char *fn, unsigned *_sz)
char *data;
int sz;
int fd;
struct stat sb;
data = 0;
fd = open(fn, O_RDONLY);
if(fd < 0) return 0;
// for security reasons, disallow world-writable
// or group-writable files
if (fstat(fd, &sb) < 0) {
ERROR("fstat failed for '%s'\n", fn);
goto oops;
}
if ((sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
ERROR("skipping insecure file '%s'\n", fn);
goto oops;
}
sz = lseek(fd, 0, SEEK_END);
if(sz < 0) goto oops;