[sr-dev] git:master: modules/carrierroute fixed permission checking in mod_init
Marius Zbihlei
marius.zbihlei at 1and1.ro
Fri Apr 1 16:16:44 CEST 2011
Module: sip-router
Branch: master
Commit: 78f3ede8c89a0456460158157439da90290ee8ad
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=78f3ede8c89a0456460158157439da90290ee8ad
Author: Marius Zbihlei <marius.zbihlei at 1and1.ro>
Committer: Marius Zbihlei <marius.zbihlei at 1and1.ro>
Date: Fri Apr 1 17:14:01 2011 +0300
modules/carrierroute fixed permission checking in mod_init
Check the permission of the cfg file based on the user settings passed to the daemon, if it applies
---
modules/carrierroute/carrierroute.c | 18 ++++++++++++++++--
1 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/modules/carrierroute/carrierroute.c b/modules/carrierroute/carrierroute.c
index 1a7abe7..3200cb2 100644
--- a/modules/carrierroute/carrierroute.c
+++ b/modules/carrierroute/carrierroute.c
@@ -40,6 +40,7 @@
#include "../../sr_module.h"
#include "../../str.h"
#include "../../mem/mem.h"
+#include "../../ut.h" /* for user2uid() */
#include "carrierroute.h"
#include "cr_fixup.h"
#include "cr_map.h"
@@ -154,6 +155,8 @@ struct module_exports exports = {
*/
static int mod_init(void) {
struct stat fs;
+ extern char* user; /*from main.c*/
+ int uid, gid;
if(register_mi_mod(exports.name, mi_cmds)!=0)
{
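Review bot: The block-scope `extern char* user; /*from main.c*/` at the top of mod_init repeats a core declaration by hand, so the compiler cannot check it against the definition if the type in main.c ever changes. If a core header already exports this variable, including it would be preferable; otherwise a comment saying why the local declaration is needed would help. `uid` and `gid` are declared `int` and later compared with `fs.st_uid` and `fs.st_gid`; a short comment that `int` is used to match what user2uid() fills in (presumably, since its prototype is not visible here) would explain the type choice. mod_init's body continues outside the hunk.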
@@ -197,9 +200,20 @@ static int mod_init(void) {
if(fs.st_mode & S_IWOTH){
LM_WARN("insecure file permissions, routing data is world writeable\n");
}
+
+ if (user){
+ if (user2uid(&uid, &gid, user)<0){
+ LM_ERR("bad user name/uid number: -u %s\n", user);
+ return -1;
+ }
+ } else {
+ uid = geteuid();
+ gid = getegid();
+ }
+
if( !( fs.st_mode & S_IWOTH) &&
- !((fs.st_mode & S_IWGRP) && (fs.st_gid == getegid())) &&
- !((fs.st_mode & S_IWUSR) && (fs.st_uid == geteuid())) ) {
+ !((fs.st_mode & S_IWGRP) && (fs.st_gid == uid)) &&
+ !((fs.st_mode & S_IWUSR) && (fs.st_uid == gid))) {
LM_ERR("config file %s not writable\n", config_file);
return -1;
}
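Review bot: The two comparisons in the rewritten condition are crossed: `fs.st_gid` is tested against `uid` and `fs.st_uid` against `gid`, so the group-write and owner-write branches match only when the numeric ids happen to coincide. The lines should read `!((fs.st_mode & S_IWGRP) && (fs.st_gid == gid)) &&` and `!((fs.st_mode & S_IWUSR) && (fs.st_uid == uid))) {`. As written, a config file that the intended run-as user can write may be rejected at startup, and one that user cannot write may pass the check. The check also considers only the gid returned for the user; if the daemon can be started with a separate group setting, that is presumably not reflected here. mod_init begins and continues outside this hunk.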