authorYu Watanabe <watanabe.yu+github@gmail.com>2019-09-11 18:09:55 +0900
committerYu Watanabe <watanabe.yu+github@gmail.com>2019-09-11 21:11:01 +0900
commit0bae857564e5189bed600f0a243d96b81b5dcb09 (patch)
treec8163aafa869b1673638854b2d8147d8ca30a320
parent39b7b6cb4ad4a9765afb4e0b47ca5d9aa004d8c5 (diff)
downloadsystemd-0bae857564e5189bed600f0a243d96b81b5dcb09.tar.gz
network: also check the permission of key file
-rw-r--r--src/network/netdev/macsec.c2
-rw-r--r--src/network/netdev/wireguard.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c
index cf281e75a6..d1d65a69bf 100644
--- a/src/network/netdev/macsec.c
+++ b/src/network/netdev/macsec.c
@@ -981,6 +981,8 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) {
if (!sa->key_file)
return 0;
+ (void) warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0);
+
r = read_full_file_full(sa->key_file, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX, (char **) &key, &key_len);
if (r < 0)
return log_netdev_error_errno(netdev, r,
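Review bot: The added `warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0)` call is advisory and path-based: its result is discarded with `(void)` and the key is then opened separately by `read_full_file_full()`. A world-accessible key file is therefore still loaded, and if the path is replaced between the two calls, the mode that was checked is not necessarily the mode of the file that is read. If warn-only is the intent, say so at the call, e.g. `/* Warn only: a too-permissive key file is still read; the mode is checked by path, before the open below. */`. If enforcement is ever wanted, the check would have to be made on the descriptor the read uses, presumably inside or next to `read_full_file_full()`, which is not visible here. The same applies to the identical call in the `wireguard_read_key_file()` hunk; `macsec_read_key_file()` starts and ends outside this hunk.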
diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
index 913ee2a058..a40b32d148 100644
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -901,6 +901,8 @@ static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_
assert(dest);
+ (void) warn_file_is_world_accessible(filename, NULL, NULL, 0);
+
r = read_full_file_full(filename, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64, &key, &key_len);
if (r < 0)
return r;
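Review bot: The warning added in `wireguard_read_key_file()` cannot say which netdev or configuration file named the key, because the call passes `NULL, NULL, 0` and the function receives only `filename` and `dest`. The trailing arguments look like a unit or config name and a line number (inferred, since the helper's definition is not on this page). If so, an operator triaging the log sees a key path with no pointer to the `.netdev` file that references it. Consider passing the config file name down from the caller, or at least documenting the limitation with `/* No config context available here; the warning names only the key file path. */`. The function body begins and ends outside the hunk.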