keys+nts: warn if loading world-readable/writable key

Log a warning message if the file specified by the keyfile or
ntsserverkey directive is world-readable or writable, which is likely
an insecure misconfiguration. There is no check of directories
containing the file.
Miroslav Lichvar 2023-01-19 16:09:40 +01:00
parent 88e711ad9a
commit 9cba9c8585
4 changed files with 32 additions and 0 deletions

3
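--- a/keys.c
+++ b/keys.c
@@ -182,6 +182,9 @@ KEY_Reload(void)
 if (!key_file)
 return;
+if (!UTI_CheckFilePermissions(key_file, 0771))
+;
 in = UTI_OpenFile(NULL, key_file, NULL, 'r', 0);
 if (!in) {
 LOG(LOGS_WARN, "Could not open keyfile %s", key_file);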
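Review bot: The added `if (!UTI_CheckFilePermissions(key_file, 0771)) ;` discards the result through an empty `if` body, which reads like an unfinished branch and can trigger empty-body compiler warnings; the create_credentials hunk uses the same form for `keys[i]`. If warn-and-continue is the intent, say so at the call, for example `; /* warning only, the key is still loaded */`. The check also runs stat() on the path before UTI_OpenFile() opens it, so the warning describes the path at check time and not necessarily the file that is read; that is fine for an advisory message but it should not be treated as enforcement. KEY_Reload continues outside the hunk.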


@ -667,6 +667,8 @@ create_credentials(const char **certs, const char **keys, int n_certs_keys,
assert(0); assert(0);
for (i = 0; i < n_certs_keys; i++) { for (i = 0; i < n_certs_keys; i++) {
if (!UTI_CheckFilePermissions(keys[i], 0771))
;
r = gnutls_certificate_set_x509_key_file(credentials, certs[i], keys[i], r = gnutls_certificate_set_x509_key_file(credentials, certs[i], keys[i],
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);
if (r < 0) if (r < 0)

23
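--- a/util.c
+++ b/util.c
@@ -1248,6 +1248,29 @@ UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid)
 /* ================================================== */
+int
+UTI_CheckFilePermissions(const char *path, mode_t perm)
+{
+mode_t extra_perm;
+struct stat buf;
+if (stat(path, &buf) < 0 || !S_ISREG(buf.st_mode)) {
+/* Not considered an error */
+return 1;
+}
+extra_perm = (buf.st_mode & 0777) & ~perm;
+if (extra_perm != 0) {
+LOG(LOGS_WARN, "%s permissions on %s", extra_perm & 0006 ?
+(extra_perm & 0004 ? "World-readable" : "World-writable") : "Wrong", path);
+return 0;
+}
+return 1;
+}
+/* ================================================== */
 static int
 join_path(const char *basedir, const char *name, const char *suffix,
 char *buffer, size_t length, LOG_Severity severity)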
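Review bot: In the `LOG` call of UTI_CheckFilePermissions, a file that is both world-readable and world-writable is reported only as "World-readable", because the `0004` test is evaluated first; the writable bit is the more serious finding, since it lets any local user replace the key. Testing the write bit first, `(extra_perm & 0002 ? "World-writable" : "World-readable")`, or naming both bits, would keep that case visible in the log. Separately, only mode bits are examined: the owner and group of the file are not compared, unlike `UTI_CheckDirPermissions`, whose signature takes a uid and gid, so a key file owned by an unexpected user produces no warning.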

4
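--- a/util.h
+++ b/util.h
@@ -196,6 +196,10 @@ extern int UTI_CreateDirAndParents(const char *path, mode_t mode, uid_t uid, gid
 permissions and its uid/gid must match the specified values. */
 extern int UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid);
+/* Check and log a warning message if a file has more permissions than
+specified. It does not return error if it is not an accessible file. */
+extern int UTI_CheckFilePermissions(const char *path, mode_t perm);
 /* Open a file. The full path of the file is constructed from the basedir
 (may be NULL), '/' (if basedir is not NULL), name, and suffix (may be NULL).
 Created files have specified permissions (umasked). Returns NULL on error.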
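Review bot: The new comment on UTI_CheckFilePermissions does not state the return values, and a caller cannot tell from it that a failed stat() and a correctly restricted file both report success. I would add a sentence such as `Returns 1 if no extra permissions were found or the file could not be checked, 0 after logging a warning.` It would also help to say that the path is examined with stat(), so a symbolic link is judged by its target and not by the link itself.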