Browse code
Require strict permissions for config file when HTTPProxyPassword is specified.
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@430 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/03/23 05:21:57Showing 2 changed files
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Mon Mar 22 21:30:24 CET 2004 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * freshclam: require strict permissions for config file when HTTPProxyPassword |
|
| 4 |
+ is specified |
|
| 5 |
+ |
|
| 1 | 6 |
Mon Mar 22 09:28:04 GMT 2004 (trog) |
| 2 | 7 |
----------------------------------- |
| 3 | 8 |
* libclamav/vba_extract.c: minor cleanup |
| ... | ... |
@@ -105,6 +105,7 @@ int freshclam(struct optstruct *opt) |
| 105 | 105 |
char *unpuser; |
| 106 | 106 |
struct passwd *user; |
| 107 | 107 |
#endif |
| 108 |
+ struct stat statbuf; |
|
| 108 | 109 |
|
| 109 | 110 |
if(optc(opt, 'h')) {
|
| 110 | 111 |
free_opt(opt); |
| ... | ... |
@@ -128,9 +129,20 @@ int freshclam(struct optstruct *opt) |
| 128 | 128 |
if(optl(opt, "http-proxy") || optl(opt, "proxy-user")) |
| 129 | 129 |
mprintf("WARNING: Proxy settings are now only configurable in the config file.\n");
|
| 130 | 130 |
|
| 131 |
+ if(cfgopt(copt, "HTTPProxyPassword")) {
|
|
| 132 |
+ if(stat(cfgfile, &statbuf) == -1) {
|
|
| 133 |
+ mprintf("@Can't stat %s (critical error)\n");
|
|
| 134 |
+ return 56; |
|
| 135 |
+ } |
|
| 136 |
+ |
|
| 137 |
+ if(statbuf.st_mode & (S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH)) {
|
|
| 138 |
+ mprintf("@Insecure permissions (for HTTPProxyPassword): %s must have no more than 0700 permissions.\n", cfgfile);
|
|
| 139 |
+ return 56; |
|
| 140 |
+ } |
|
| 141 |
+ } |
|
| 131 | 142 |
|
| 132 | 143 |
#ifndef C_CYGWIN |
| 133 |
- /* freshclam shouldn't work with root priviledges */ |
|
| 144 |
+ /* freshclam shouldn't work with root privileges */ |
|
| 134 | 145 |
if(optc(opt, 'u')) {
|
| 135 | 146 |
unpuser = getargc(opt, 'u'); |
| 136 | 147 |
} else if((cpt = cfgopt(copt, "DatabaseOwner"))) {
|