Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
wpa_supplicant.18995
wpa_supplicant-log-file-permission.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File wpa_supplicant-log-file-permission.patch of Package wpa_supplicant.18995
From 2fb45cd0370f1bc6d452df15dc1f7bf6575ed55c Mon Sep 17 00:00:00 2001 From: Karol Babioch <karol@babioch.de> Date: Thu, 11 Oct 2018 21:21:30 +0200 Subject: [PATCH v3 1/2] Create debug log file with more sane file permissions Previously the file permissions for the debug log file were not explicitly set. Instead it was implicitly relying on a secure umask, which in most cases would result in a file that is world-readable. This is a violation of good practices, since not very user of a file should have access to sensitive information that might be contained in the debug log file. This commit will explicitly set sane default file permissions in case the file is newly created. Unfortunately the fopen(3) function does not provide such a facility, so the approach needs to be changed in the following way: 1.) The file descriptor needs to be created manually using the open(3) function with the correct flags and the desired mode set. 2.) fdopen(3) can then be used on the file descriptor to associate a file stream with it. Note: This modification will not change the file permissions of any already existing debug log files, and only applies to newly created ones. Signed-off-by: Karol Babioch <karol@babioch.de> --- src/utils/wpa_debug.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c index 62758d864..5d2f7becb 100644 --- a/src/utils/wpa_debug.c +++ b/src/utils/wpa_debug.c @@ -58,6 +58,9 @@ static int wpa_to_android_level(int level) #ifndef CONFIG_NO_STDOUT_DEBUG #ifdef CONFIG_DEBUG_FILE +#include <sys/types.h> +#include <sys/stat.h> + static FILE *out_file = NULL; #endif /* CONFIG_DEBUG_FILE */ @@ -548,10 +551,19 @@ int wpa_debug_open_file(const char *path) last_path = os_strdup(path); } - out_file = fopen(path, "a"); + int out_fd = -1; + out_fd = open(path, O_CREAT | O_WRONLY | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP); + if (out_fd < 0) { + wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open " + "output file descriptor, using standard output"); + return -1; + } + + out_file = fdopen(out_fd, "a"); if (out_file == NULL) { wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open " "output file, using standard output"); + close(out_fd); return -1; } #ifndef _WIN32 -- 2.19.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor