git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@430 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/03/23 05:21:57... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Mon Mar 22 21:30:24 CET 2004 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * freshclam: require strict permissions for config file when HTTPProxyPassword |
|
4 |
+ is specified |
|
5 |
+ |
|
1 | 6 |
Mon Mar 22 09:28:04 GMT 2004 (trog) |
2 | 7 |
----------------------------------- |
3 | 8 |
* libclamav/vba_extract.c: minor cleanup |
... | ... |
@@ -105,6 +105,7 @@ int freshclam(struct optstruct *opt) |
105 | 105 |
char *unpuser; |
106 | 106 |
struct passwd *user; |
107 | 107 |
#endif |
108 |
+ struct stat statbuf; |
|
108 | 109 |
|
109 | 110 |
if(optc(opt, 'h')) { |
110 | 111 |
free_opt(opt); |
... | ... |
@@ -128,9 +129,20 @@ int freshclam(struct optstruct *opt) |
128 | 128 |
if(optl(opt, "http-proxy") || optl(opt, "proxy-user")) |
129 | 129 |
mprintf("WARNING: Proxy settings are now only configurable in the config file.\n"); |
130 | 130 |
|
131 |
+ if(cfgopt(copt, "HTTPProxyPassword")) { |
|
132 |
+ if(stat(cfgfile, &statbuf) == -1) { |
|
133 |
+ mprintf("@Can't stat %s (critical error)\n"); |
|
134 |
+ return 56; |
|
135 |
+ } |
|
136 |
+ |
|
137 |
+ if(statbuf.st_mode & (S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH)) { |
|
138 |
+ mprintf("@Insecure permissions (for HTTPProxyPassword): %s must have no more than 0700 permissions.\n", cfgfile); |
|
139 |
+ return 56; |
|
140 |
+ } |
|
141 |
+ } |
|
131 | 142 |
|
132 | 143 |
#ifndef C_CYGWIN |
133 |
- /* freshclam shouldn't work with root priviledges */ |
|
144 |
+ /* freshclam shouldn't work with root privileges */ |
|
134 | 145 |
if(optc(opt, 'u')) { |
135 | 146 |
unpuser = getargc(opt, 'u'); |
136 | 147 |
} else if((cpt = cfgopt(copt, "DatabaseOwner"))) { |