diff options
| author | Nick Kralevich <nnk@google.com> | 2012-01-18 10:39:01 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2012-01-18 13:22:38 -0800 |
| commit | 38f368c1b3bac76d342189b6412691a217421178 (patch) | |
| tree | a13cc3945e02ee2234a0299c7f826bd64714cca9 /init | |
| parent | ee508560cc991485c8adf5826e4bf5cf67f183e1 (diff) | |
| download | system_core-38f368c1b3bac76d342189b6412691a217421178.tar.gz system_core-38f368c1b3bac76d342189b6412691a217421178.tar.bz2 system_core-38f368c1b3bac76d342189b6412691a217421178.zip | |
Don't parse properties from unsafe files.
Don't set properties from files that are unsafe (world-writable
or group-writable)
Change-Id: I8da539c6446b10596be1d7c2014e4b9aea13e3fd
Diffstat (limited to 'init')
| -rwxr-xr-x | init/util.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/init/util.c b/init/util.c index 13c9ca25..cb00f848 100755 --- a/init/util.c +++ b/init/util.c @@ -129,11 +129,23 @@ void *read_file(const char *fn, unsigned *_sz) char *data; int sz; int fd; + struct stat sb; data = 0; fd = open(fn, O_RDONLY); if(fd < 0) return 0; + // for security reasons, disallow world-writable + // or group-writable files + if (fstat(fd, &sb) < 0) { + ERROR("fstat failed for '%s'\n", fn); + goto oops; + } + if ((sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) { + ERROR("skipping insecure file '%s'\n", fn); + goto oops; + } + sz = lseek(fd, 0, SEEK_END); if(sz < 0) goto oops; |