Warn if the main config file could be written by other system users
parent
658835b4ff
commit
0b559bb54f
|
@ -6,9 +6,12 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
|
"path"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"unicode"
|
"unicode"
|
||||||
|
|
||||||
|
"github.com/jedisct1/dlog"
|
||||||
)
|
)
|
||||||
|
|
||||||
type CryptoConstruction uint16
|
type CryptoConstruction uint16
|
||||||
|
@ -162,3 +165,31 @@ func ReadTextFile(filename string) (string, error) {
|
||||||
bin = bytes.TrimPrefix(bin, []byte{0xef, 0xbb, 0xbf})
|
bin = bytes.TrimPrefix(bin, []byte{0xef, 0xbb, 0xbf})
|
||||||
return string(bin), nil
|
return string(bin), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func maybeWritableByOtherUsers(p string) (bool, string, error) {
|
||||||
|
p = path.Clean(p)
|
||||||
|
for p != "/" && p != "." {
|
||||||
|
st, err := os.Stat(p)
|
||||||
|
if err != nil {
|
||||||
|
return false, p, err
|
||||||
|
}
|
||||||
|
mode := st.Mode()
|
||||||
|
if mode&2 == 2 && !(st.IsDir() && mode&01000 == 01000) {
|
||||||
|
return true, p, nil
|
||||||
|
}
|
||||||
|
p = path.Dir(p)
|
||||||
|
}
|
||||||
|
return false, "", nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func WarnIfMaybeWritableByOtherUsers(p string) {
|
||||||
|
if ok, px, err := maybeWritableByOtherUsers(p); ok {
|
||||||
|
if px == p {
|
||||||
|
dlog.Criticalf("[%s] is writable by other system users - If this is not intentional, it is recommended to fix the access permissions", p)
|
||||||
|
} else {
|
||||||
|
dlog.Warnf("[%s] can be modified by other system users because [%s] is writable by other users - If this is not intentional, it is recommended to fix the access permissions", p, px)
|
||||||
|
}
|
||||||
|
} else if err != nil {
|
||||||
|
dlog.Warnf("Error while checking if [%s] is accessible: [%s] : [%s]", p, px, err)
|
||||||
|
}
|
||||||
|
}
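Review bot: The sticky-directory exemption in `maybeWritableByOtherUsers` can never match, because `os.FileMode` does not carry the sticky bit at octal 01000; Go reports it as `os.ModeSticky`, so `mode&01000 == 01000` is always false. A config file that sits below a sticky world-writable directory therefore still triggers the warning. The condition would read `if mode.Perm()&0002 != 0 && !(st.IsDir() && mode&os.ModeSticky != 0) {`. Separately, the walk is purely lexical and stops at `.`, so for a relative config path the current directory and everything above it are never examined; resolving the path to an absolute one before the loop would cover them.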
|
||||||
|
|
|
@ -326,6 +326,7 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
|
||||||
*flags.ConfigFile,
|
*flags.ConfigFile,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
WarnIfMaybeWritableByOtherUsers(foundConfigFile)
|
||||||
config := newConfig()
|
config := newConfig()
|
||||||
md, err := toml.DecodeFile(foundConfigFile, &config)
|
md, err := toml.DecodeFile(foundConfigFile, &config)
|
||||||
if err != nil {
|
if err != nil {
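Review bot: The added call to `WarnIfMaybeWritableByOtherUsers(foundConfigFile)` runs on every platform, but the helper's test only has meaning for Unix permission bits. On Windows, Go's `os.Stat` synthesises the mode from the read-only attribute, so any writable file reports the other-write bit and the critical message would be logged on every start. If Windows is a supported target (not visible from this page), wrap the call as `if runtime.GOOS != "windows" { WarnIfMaybeWritableByOtherUsers(foundConfigFile) }`, which needs the `runtime` import. `ConfigLoad` begins and ends outside this hunk, so the rest of the load path is not visible here.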
|
||||||
|
|