Check directory and config file permissions
* Check history directory and configuration file permissions, and
correct them to 0700 and 0600 if necessary.
* Warn when mcabber main directory ($HOME/.mcabber) has bad permissions
* Reset UseFileLogging & FileLoadLogs when the log dir does not exist
--- a/mcabber/src/histolog.c Sat Jul 23 21:50:06 2005 +0100
+++ b/mcabber/src/histolog.c Sun Jul 24 14:37:27 2005 +0100
@@ -229,7 +229,7 @@
int l = strlen(root_dir);
if (l < 1) {
scr_LogPrint("root_dir too short");
- UseFileLogging = FALSE;
+ UseFileLogging = FileLoadLogs = FALSE;
return;
}
// RootDir must be slash-terminated
@@ -247,11 +247,16 @@
strcpy(RootDir, home);
strcat(RootDir, dir);
}
- // FIXME
- // We should check the directory actually exists
- } else // Disable history logging
- if (RootDir) {
- g_free(RootDir);
+ // Check directory permissions (should not be readable by group/others)
+ if (checkset_perm(RootDir, TRUE) == -1) {
+ // The directory does not actually exists
+ g_free(RootDir);
+ scr_LogPrint("ERROR: Can't access history log directory");
+ UseFileLogging = FileLoadLogs = FALSE;
+ }
+ } else { // Disable history logging
+ if (RootDir)
+ g_free(RootDir);
}
}
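Review bot: In the new `checkset_perm(RootDir, TRUE) == -1` branch, `g_free(RootDir)` leaves RootDir pointing at freed memory. If RootDir is the file-scope pointer it appears to be, the `if (RootDir) g_free(RootDir);` in the else branch, or any later user outside this hunk, would act on a dangling pointer when this function runs again. Adding `RootDir = NULL;` right after the free avoids that. The branch also treats only -1 as failure, so a return of 1 (wrong owner, or chmod failed) keeps file logging enabled in a directory that could not be secured. Consider `if (checkset_perm(RootDir, TRUE) != 0)`, or a comment stating why 1 is tolerated here. The enclosing function starts before the hunk.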
--- a/mcabber/src/settings.c Sat Jul 23 21:50:06 2005 +0100
+++ b/mcabber/src/settings.c Sun Jul 24 14:37:27 2005 +0100
@@ -92,11 +92,20 @@
return -1;
}
}
+ // Check configuration file permissions
+ // As it could contain sensitive data, we make it user-readable only
+ checkset_perm(filename, TRUE);
+ // Check mcabber dir. There we just warn, we don't change the modes
+ sprintf(filename, "%s/.mcabber/", home);
+ checkset_perm(filename, FALSE);
g_free(filename);
- }
- else if ((fp = fopen(filename, "r")) == NULL) {
- perror("fopen (cfg_file())");
- return -1;
+ } else {
+ if ((fp = fopen(filename, "r")) == NULL) {
+ perror("fopen (cfg_file())");
+ return -1;
+ }
+ // Check configuration file permissions (see above)
+ checkset_perm(filename, TRUE);
}
buf = g_new(char, 512);
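Review bot: All three `checkset_perm(...)` calls added here discard the return value, so a configuration file that reports "Wrong file owner" (return 1) is still parsed like a trusted one. Since the file can hold credentials and settings, it would be safer to act on the result, for example `if (checkset_perm(filename, TRUE) == 1) { /* refuse or ask */ }`, or to add a comment saying the check is advisory only. Separately, `sprintf(filename, "%s/.mcabber/", home);` reuses a buffer allocated outside this hunk. The new string is presumably shorter than the original path, but `snprintf` with the allocated size, or a fresh `g_strdup_printf("%s/.mcabber/", home)`, would make that independent of the earlier allocation. The enclosing function starts and ends outside the hunk.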
--- a/mcabber/src/utils.c Sat Jul 23 21:50:06 2005 +0100
+++ b/mcabber/src/utils.c Sun Jul 24 14:37:27 2005 +0100
@@ -26,8 +26,12 @@
#include <string.h>
#include <stdarg.h>
#include <time.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
#include <config.h>
+#include "screen.h"
static int DebugEnabled;
static char *FName;
@@ -90,6 +94,45 @@
}
}
+// checkset_perm(name, setmode)
+// Check the permissions of the "name" file/dir
+// If setmode is true, correct the permissions if they are wrong
+// Return values: -1 == bad file/dir, 0 == success, 1 == cannot correct
+int checkset_perm(const char *name, unsigned int setmode)
+{
+ int fd;
+ struct stat buf;
+
+ fd = lstat(name, &buf);
+ if (fd == -1) return -1;
+
+ if (buf.st_uid != geteuid()) {
+ scr_LogPrint("Wrong file owner [%s]", name);
+ return 1;
+ }
+
+ if (buf.st_mode & (S_IRGRP | S_IWGRP | S_IXGRP) ||
+ buf.st_mode & (S_IROTH | S_IWOTH | S_IXOTH)) {
+ if (setmode) {
+ mode_t newmode = 0;
+ scr_LogPrint("Bad permissions [%s]", name);
+ if (S_ISDIR(buf.st_mode))
+ newmode |= S_IXUSR;
+ newmode |= S_IRUSR | S_IWUSR;
+ if (chmod(name, newmode)) {
+ scr_LogPrint("WARNING: Failed to correct permissions!");
+ return 1;
+ }
+ scr_LogPrint("Permissions have been corrected");
+ } else {
+ scr_LogPrint("WARNING: Bad permissions [%s]", name);
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
// to_iso8601(dststr, timestamp)
// Convert timestamp to iso8601 format, and store it in dststr.
// NOTE: dststr should be at last 19 chars long.
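Review bot: checkset_perm() inspects the path with `lstat()` but repairs it with `chmod()`, and the two do not look at the same object when `name` is a symbolic link. lstat reports the link itself (owned by whoever created it, with a mode that normally has group/other bits set and S_ISDIR false), while chmod follows the link and sets 0600 on the target, even when the target is a directory or is not the user's own file. There is also a window between the check and the chmod in which the path can be swapped. Opening the path once with O_NOFOLLOW and doing both the check and the fix on the descriptor removes both problems. This needs `<fcntl.h>`, and a symlinked directory would then be reported as -1, which should be documented in the header comment. The `fd` variable currently holds the lstat status, not a descriptor, so the rewrite below also makes the name accurate.

```c
int checkset_perm(const char *name, unsigned int setmode)
{
  int fd, ret = 0;
  struct stat buf;

  // O_NOFOLLOW: refuse a symlink as the last path component
  fd = open(name, O_RDONLY | O_NOFOLLOW);
  if (fd == -1) return -1;
  if (fstat(fd, &buf) == -1) {
    close(fd);
    return -1;
  }

  if (buf.st_uid != geteuid()) {
    scr_LogPrint("Wrong file owner [%s]", name);
    ret = 1;
  } else if (buf.st_mode & (S_IRWXG | S_IRWXO)) {
    // … unchanged: newmode computation and log messages …
    // chmod(name, newmode) becomes fchmod(fd, newmode); failure paths set ret = 1
  }

  close(fd);
  return ret;
}
```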
@@ -185,4 +228,3 @@
return retval;
}
-
--- a/mcabber/src/utils.h Sat Jul 23 21:50:06 2005 +0100
+++ b/mcabber/src/utils.h Sun Jul 24 14:37:27 2005 +0100
@@ -4,6 +4,8 @@
void ut_InitDebug(unsigned int level, const char *file);
void ut_WriteLog(const char *fmt, ...);
+int checkset_perm(const char *name, unsigned int setmode);
+
int to_iso8601(char *dststr, time_t timestamp);
time_t from_iso8601(const char *timestamp, int utc);