conf: warn if not having read-only access to keys
After dropping root privileges, log a warning message if chronyd doesn't have read access or has (unnecessary) write access to the files containing symmetric and server NTS keys.
This commit is contained in:
Miroslav Lichvar
parent
9cba9c8585
commit
883b0dde94
5 changed files with 35 additions and 1 deletions
13
conf.c
13
conf.c
|
|
@ -1774,6 +1774,19 @@ CNF_CreateDirs(uid_t uid, gid_t gid)
|
|||
|
||||
/* ================================================== */
|
||||
|
||||
void
|
||||
CNF_CheckReadOnlyAccess(void)
|
||||
{
|
||||
unsigned int i;
|
||||
|
||||
if (keys_file)
|
||||
UTI_CheckReadOnlyAccess(keys_file);
|
||||
for (i = 0; i < ARR_GetSize(nts_server_key_files); i++)
|
||||
UTI_CheckReadOnlyAccess(*(char **)ARR_GetElement(nts_server_key_files, i));
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
void
|
||||
CNF_AddInitSources(void)
|
||||
{
|
||||
|
|
|
|||
2
conf.h
2
conf.h
|
|
@ -44,6 +44,8 @@ extern void CNF_ParseLine(const char *filename, int number, char *line);
|
|||
|
||||
extern void CNF_CreateDirs(uid_t uid, gid_t gid);
|
||||
|
||||
extern void CNF_CheckReadOnlyAccess(void);
|
||||
|
||||
extern void CNF_AddInitSources(void);
|
||||
extern void CNF_AddSources(void);
|
||||
extern void CNF_AddBroadcasts(void);
|
||||
|
|
|
|||
6
main.c
6
main.c
|
|
@ -637,9 +637,13 @@ int main
|
|||
}
|
||||
|
||||
/* Drop root privileges if the specified user has a non-zero UID */
|
||||
if (!geteuid() && (pw->pw_uid || pw->pw_gid))
|
||||
if (!geteuid() && (pw->pw_uid || pw->pw_gid)) {
|
||||
SYS_DropRoot(pw->pw_uid, pw->pw_gid, SYS_MAIN_PROCESS);
|
||||
|
||||
/* Warn if missing read access or having write access to keys */
|
||||
CNF_CheckReadOnlyAccess();
|
||||
}
|
||||
|
||||
if (!geteuid())
|
||||
LOG(LOGS_WARN, "Running with root privileges");
|
||||
|
||||
|
|
|
|||
11
util.c
11
util.c
|
|
@ -1271,6 +1271,17 @@ UTI_CheckFilePermissions(const char *path, mode_t perm)
|
|||
|
||||
/* ================================================== */
|
||||
|
||||
void
|
||||
UTI_CheckReadOnlyAccess(const char *path)
|
||||
{
|
||||
if (access(path, R_OK) != 0 && errno != ENOENT)
|
||||
LOG(LOGS_WARN, "Missing read access to %s : %s", path, strerror(errno));
|
||||
if (access(path, W_OK) == 0)
|
||||
LOG(LOGS_WARN, "Having write access to %s", path);
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
static int
|
||||
join_path(const char *basedir, const char *name, const char *suffix,
|
||||
char *buffer, size_t length, LOG_Severity severity)
|
||||
|
|
|
|||
4
util.h
4
util.h
|
|
@ -200,6 +200,10 @@ extern int UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid
|
|||
specified. It does not return error if it is not an accessible file. */
|
||||
extern int UTI_CheckFilePermissions(const char *path, mode_t perm);
|
||||
|
||||
/* Log a warning message if not having read access or having write access
|
||||
to a file/directory */
|
||||
extern void UTI_CheckReadOnlyAccess(const char *path);
|
||||
|
||||
/* Open a file. The full path of the file is constructed from the basedir
|
||||
(may be NULL), '/' (if basedir is not NULL), name, and suffix (may be NULL).
|
||||
Created files have specified permissions (umasked). Returns NULL on error.
|
||||
|
|
|
|||
Loading…
Reference in a new issue