author | 2014-01-22 00:21:16 +0000 | |
---|---|---|
committer | 2014-01-22 00:21:16 +0000 | |
commit | 7140c133f0de7533c019c39b5af9a025c9cfeb6d (patch) | |
tree | 9a11e4613af27a10a4bc31cbb8c3ffdd9cbbcfc2 | |
parent | wakeup_n and wakeup_one blurbs (diff) | |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
-rw-r--r-- | sbin/iked/parse.y | 6 | ||||
-rw-r--r-- | sbin/ipsecctl/parse.y | 6 | ||||
-rw-r--r-- | sbin/pfctl/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/bgpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/dvmrpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/hostapd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ifstated/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ldapd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ldpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ospf6d/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ospfd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/relayd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ripd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/smtpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/snmpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/ypldap/parse.y | 6 |
16 files changed, 48 insertions, 48 deletions
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 141f25a51e2..b8864672e10 100644
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.34 2013/12/03 13:55:39 markus Exp $ */
+/* $OpenBSD: parse.y,v 1.35 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -1368,8 +1368,8 @@ check_file_secrecy(int fd, const char *fname)
 warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 85ff48fc273..0b823385077 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.158 2013/11/25 12:52:12 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.159 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1246,8 +1246,8 @@ check_file_secrecy(int fd, const char *fname)
 warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index b7060a1bba0..07b78055f1e 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.630 2014/01/21 01:51:55 henning Exp $ */
+/* $OpenBSD: parse.y,v 1.631 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
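Review bot: The relaxed mask in check_file_secrecy() (sbin/iked/parse.y, and the identical hunks in the other fifteen parse.y files) accepts a group-readable file whatever group owns it: the visible lines test the owner only and no st_gid test appears in the hunk, so any secrets kept in these config files become readable by every member of that group. Since the function name still promises secrecy, a comment above the test would record the decision, for example `/* group read is deliberately allowed; the owning group is not checked */`. The new message also leaves out that S_IXGRP and world-execute are rejected, so a mode 0650 file is reported as "group writable or world read/writable"; `"%s: group writable/executable or world accessible"` would match the mask. The function body starts before the hunk, so an earlier group check cannot be ruled out from here.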
@@ -5821,8 +5821,8 @@ check_file_secrecy(int fd, const char *fname)
 warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index c7e90c0b500..ce2241a2835 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.270 2013/11/25 12:53:27 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.271 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -2505,8 +2505,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writeable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/dvmrpd/parse.y b/usr.sbin/dvmrpd/parse.y
index e19a32dc53a..be48ffaed8f 100644
--- a/usr.sbin/dvmrpd/parse.y
+++ b/usr.sbin/dvmrpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.25 2013/11/25 12:54:14 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.26 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2004, 2005, 2006 Esben Norby <norby@openbsd.org>
@@ -660,8 +660,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/hostapd/parse.y b/usr.sbin/hostapd/parse.y
index 8be163219e6..4914b7b45cd 100644
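Review bot: The new message in usr.sbin/bgpd/parse.y is spelled `world read/writeable`, while every other parse.y touched by this commit uses `world read/writable`. Anyone grepping logs or sources for the new wording will miss bgpd. Aligning it is a one-line change: `log_warnx("%s: group writable or world read/writable", fname);`.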
--- a/usr.sbin/hostapd/parse.y
+++ b/usr.sbin/hostapd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.44 2013/11/25 12:55:01 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.45 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2004, 2005, 2006 Reyk Floeter <reyk@openbsd.org>
@@ -1678,8 +1678,8 @@ check_file_secrecy(int fd, const char *fname)
 warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/ifstated/parse.y b/usr.sbin/ifstated/parse.y
index 97ee32c89f6..4a3215387e9 100644
--- a/usr.sbin/ifstated/parse.y
+++ b/usr.sbin/ifstated/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.32 2013/11/25 12:55:44 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.33 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
@@ -658,8 +658,8 @@ check_file_secrecy(int fd, const char *fname)
 warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/ldapd/parse.y b/usr.sbin/ldapd/parse.y
index fab865cdc99..797f8b9f6b0 100644
--- a/usr.sbin/ldapd/parse.y
+++ b/usr.sbin/ldapd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.11 2013/11/25 12:56:41 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.12 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martinh@openbsd.org>
@@ -709,8 +709,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/ldpd/parse.y b/usr.sbin/ldpd/parse.y
index b497e383980..443e12671b1 100644
--- a/usr.sbin/ldpd/parse.y
+++ b/usr.sbin/ldpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.19 2013/11/25 12:57:42 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.20 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2004, 2005, 2008 Esben Norby <norby@openbsd.org>
@@ -675,8 +675,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/ospf6d/parse.y b/usr.sbin/ospf6d/parse.y
index a96f518755e..bad15fe7bed 100644
--- a/usr.sbin/ospf6d/parse.y
+++ b/usr.sbin/ospf6d/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.23 2013/11/25 12:59:13 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.24 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
@@ -830,8 +830,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/ospfd/parse.y b/usr.sbin/ospfd/parse.y
index 55b596e5bed..fc3d9265c05 100644
--- a/usr.sbin/ospfd/parse.y
+++ b/usr.sbin/ospfd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.75 2013/11/25 12:59:34 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.76 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
@@ -1015,8 +1015,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index a252074e13d..a5e759ad015 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.174 2014/01/21 21:38:40 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.175 2014/01/22 00:21:16 henning Exp $ */

 /*
 * Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org>
@@ -2192,8 +2192,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/ripd/parse.y b/usr.sbin/ripd/parse.y
index df973c98751..225f7da5fa0 100644
--- a/usr.sbin/ripd/parse.y
+++ b/usr.sbin/ripd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.30 2013/11/25 13:00:27 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.31 2014/01/22 00:21:17 henning Exp $ */

 /*
 * Copyright (c) 2006 Michele Marchetto <mydecay@openbeer.it>
@@ -684,8 +684,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index d324964d25b..38d8062fe07 100644
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.135 2013/12/26 17:25:32 eric Exp $ */
+/* $OpenBSD: parse.y,v 1.136 2014/01/22 00:21:17 henning Exp $ */

 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1451,8 +1451,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("warn: %s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("warn: %s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/snmpd/parse.y b/usr.sbin/snmpd/parse.y
index 24a7916d322..69b45cd0bf6 100644
--- a/usr.sbin/snmpd/parse.y
+++ b/usr.sbin/snmpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.28 2013/11/25 13:00:56 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.29 2014/01/22 00:21:17 henning Exp $ */

 /*
 * Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -813,8 +813,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0);
diff --git a/usr.sbin/ypldap/parse.y b/usr.sbin/ypldap/parse.y
index f717704be93..be2ffcb3bc9 100644
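Review bot: In usr.sbin/smtpd/parse.y the replacement message loses the `warn: ` prefix that the removed line carried and that the owner-check message two lines above still uses. The permission failure will therefore be logged in a different format from the other check_file_secrecy() warning. The commit message does not mention changing the prefix, so this looks like a copy from the other daemons rather than an intended change. Keeping the prefix is a one-line fix: `log_warnx("warn: %s: group writable or world read/writable", fname);`.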
--- a/usr.sbin/ypldap/parse.y
+++ b/usr.sbin/ypldap/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.13 2013/11/25 13:01:18 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.14 2014/01/22 00:21:17 henning Exp $ */

 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -654,8 +654,8 @@ check_file_secrecy(int fd, const char *fname)
 log_warnx("%s: owner not root or current user", fname);
 return (-1);
 }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
+ if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
+ log_warnx("%s: group writable or world read/writable", fname);
 return (-1);
 }
 return (0); |