Don't parse properties from unsafe files. Don't set properties from files that are unsafe (world-writable or group-writable) Change-Id: I8da539c6446b10596be1d7c2014e4b9aea13e3fd

commit: 38f368c1b3bac76d342189b6412691a217421178 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Jan 18 10:39:01 2012 -0800
committer: Nick Kralevich <nnk@google.com> Wed Jan 18 13:22:38 2012 -0800
tree: a13cc3945e02ee2234a0299c7f826bd64714cca9
parent: ee508560cc991485c8adf5826e4bf5cf67f183e1 [diff] [blame]
diff --git a/init/util.c b/init/util.c
index 13c9ca2..cb00f84 100755
--- a/init/util.c
+++ b/init/util.c

@@ -129,11 +129,23 @@
     char *data;
     int sz;
     int fd;
+    struct stat sb;
 
     data = 0;
     fd = open(fn, O_RDONLY);
     if(fd < 0) return 0;
 
+    // for security reasons, disallow world-writable
+    // or group-writable files
+    if (fstat(fd, &sb) < 0) {
+        ERROR("fstat failed for '%s'\n", fn);
+        goto oops;
+    }
+    if ((sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
+        ERROR("skipping insecure file '%s'\n", fn);
+        goto oops;
+    }
+
     sz = lseek(fd, 0, SEEK_END);
     if(sz < 0) goto oops;
commit	38f368c1b3bac76d342189b6412691a217421178	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Jan 18 10:39:01 2012 -0800
committer	Nick Kralevich <nnk@google.com>	Wed Jan 18 13:22:38 2012 -0800
tree	a13cc3945e02ee2234a0299c7f826bd64714cca9
parent	ee508560cc991485c8adf5826e4bf5cf67f183e1 [diff] [blame]