From e601c0259e9e6a48e04ce3e0ff793cb564a89716 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 16 Mar 2000 20:55:37 +0000 Subject: Fixes to add "paranoid" option to popen. Checks some basic things. Jeremy (This used to be commit 3b8cbb10de322fd7a1063fb5b681790b10d24ab0) --- source3/param/loadparm.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'source3/param') diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 48dc6cf123..4f6178a569 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -2039,7 +2039,7 @@ static BOOL handle_source_env(char *pszParmValue,char **ptr) DEBUG(4, ("handle_source_env: source env from pipe\n")); p++; - if ((env = sys_popen(p, "r")) == NULL) { + if ((env = sys_popen(p, "r", True)) == NULL) { DEBUG(0,("handle_source_env: Failed to popen %s. Error was %s\n", p, strerror(errno) )); return(False); } @@ -2050,11 +2050,29 @@ static BOOL handle_source_env(char *pszParmValue,char **ptr) } else { + SMB_STRUCT_STAT st; + DEBUG(4, ("handle_source_env: source env from file %s\n", fname)); if ((env = sys_fopen(fname, "r")) == NULL) { DEBUG(0,("handle_source_env: Failed to open file %s, Error was %s\n", fname, strerror(errno) )); return(False); } + + /* + * Ensure this file is owned by root and not writable by world. + */ + if(fstat(fileno(env), &st) != 0) { + DEBUG(0,("handle_source_env: Failed to stat file %s, Error was %s\n", fname, strerror(errno) )); + fclose(env); + return False; + } + + if((st.st_uid != (uid_t)0) || (st.st_mode & S_IWOTH)) { + DEBUG(0,("handle_source_env: unsafe to source env file %s. Not owned by root or world writable\n", fname )); + fclose(env); + return False; + } + result=source_env(env); fclose(env); } -- cgit