diff options
| author |   schwarze <schwarze@openbsd.org> | 2011-07-20 21:02:19 +0000 |
|---|---|---|
| committer | schwarze <schwarze@openbsd.org> | 2011-07-20 21:02:19 +0000 |
| commit | beb20fb721be7614be1ffef19c78737283dc5ed1 (patch) | |
| tree | 90d8483566a1435c4a6a78a8bd9272a0e098e3cb | |
| parent | For now, disable msi interrupts. Reading through the linux driver one (diff) | |
| download | wireguard-openbsd-beb20fb721be7614be1ffef19c78737283dc5ed1.tar.xz wireguard-openbsd-beb20fb721be7614be1ffef19c78737283dc5ed1.zip | |
During mailbox and special file checks, skip all files that can't
be stat(2)'ed, but do not complain about those that were just removed,
because removing files is not a security risk in itself.
Sorry, i can't remember the original reporter of the issue;
reported again by mk@; patch looks good to Andrew Fresh.
| -rw-r--r-- | libexec/security/security | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/libexec/security/security b/libexec/security/security index df4411492e2..5e2248813d4 100644 --- a/libexec/security/security +++ b/libexec/security/security @@ -1,6 +1,6 @@ #!/usr/bin/perl -T -# $OpenBSD: security,v 1.16 2011/07/20 00:39:15 schwarze Exp $ +# $OpenBSD: security,v 1.17 2011/07/20 21:02:19 schwarze Exp $ # # Copyright (c) 2011 Ingo Schwarze <schwarze@openbsd.org> # Copyright (c) 2011 Andrew Fresh <andrew@afresh1.com> @@ -21,6 +21,7 @@ use warnings; use strict; require Digest::MD5; +use Errno qw(ENOENT); use Fcntl qw(:mode); use File::Basename qw(basename); use File::Compare qw(compare); @@ -448,9 +449,10 @@ sub check_mailboxes { foreach my $name (readdir $dh) { next if $name =~ /^\.\.?$/; my ($mode, $fuid, $fgid) = (stat "$dir/$name")[2,4,5]; - nag !defined $mode, - "stat: $dir/$name: $!" - and next; + unless (defined $mode) { + nag !$!{ENOENT}, "stat: $dir/$name: $!"; + next; + } my $fname = (getpwuid $fuid)[0] // $fuid; my $gname = (getgrgid $fgid)[0] // $fgid; nag $fname ne $name, @@ -548,9 +550,10 @@ sub find_special_files { my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $mtime, $ctime, $blksize, $blocks) = lstat; - nag !defined $dev, - "stat: $_: $!" - and return; + unless (defined $dev) { + nag !$!{ENOENT}, "stat: $_: $!"; + return; + } # SUID/SGID files my $file = {}; |