diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2019-09-11 18:09:55 +0900 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2019-09-11 21:11:01 +0900 |
commit | 0bae857564e5189bed600f0a243d96b81b5dcb09 (patch) | |
tree | c8163aafa869b1673638854b2d8147d8ca30a320 | |
parent | 39b7b6cb4ad4a9765afb4e0b47ca5d9aa004d8c5 (diff) | |
download | systemd-0bae857564e5189bed600f0a243d96b81b5dcb09.tar.gz |
network: also check the permission of key file
-rw-r--r-- | src/network/netdev/macsec.c | 2 | ||||
-rw-r--r-- | src/network/netdev/wireguard.c | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c index cf281e75a6..d1d65a69bf 100644 --- a/src/network/netdev/macsec.c +++ b/src/network/netdev/macsec.c @@ -981,6 +981,8 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) { if (!sa->key_file) return 0; + (void) warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0); + r = read_full_file_full(sa->key_file, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX, (char **) &key, &key_len); if (r < 0) return log_netdev_error_errno(netdev, r, diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c index 913ee2a058..a40b32d148 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -901,6 +901,8 @@ static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_ assert(dest); + (void) warn_file_is_world_accessible(filename, NULL, NULL, 0); + r = read_full_file_full(filename, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64, &key, &key_len); if (r < 0) return r; |