authorNiko Tyni <ntyni@iki.fi>2008-03-18 17:25:29 +0100
committerNiko Tyni <ntyni@iki.fi>2008-03-18 17:25:29 +0100
commit877ac7fb8e93efcf0d7b547168749984bd4aa99d (patch)
tree36923402964990ab5bcbeaf6793c7efb7cb547eb /lib/Smokeping.pm
parentc11e056ea3338b001a78f37a257db6fe3554b0d9 (diff)
bail out if the master/slave shared secret file is world-readable or writable
Diffstat (limited to 'lib/Smokeping.pm')
-rw-r--r--lib/Smokeping.pm9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/Smokeping.pm b/lib/Smokeping.pm
index 13410af..26e8195 100644
--- a/lib/Smokeping.pm
+++ b/lib/Smokeping.pm
@@ -3339,7 +3339,12 @@ END_DOC
_mandatory => [ qw(secrets) ],
_sections => [ "/$KEYD_RE/" ],
secrets => {
- %$FILECHECK_SUB,
+ _sub => sub {
+ return "File '$_[0]' does not exist" unless -f $_[ 0 ];
+ return "File '$_[0]' is world-readable or writable, refusing it"
+ if ((stat(_))[2] & 6);
+ return undef;
+ },
_doc => <<END_DOC,
The slave secrets file contines one line per slave with the name of the slave followed by a colon
and the secret:
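Review bot: The `_doc` text that starts right after the new `_sub` says nothing, in the lines visible here, about the permission requirement, so an operator who hits "world-readable or writable, refusing it" has no documentation to turn to; a sentence such as `The file must not be readable or writable by others (for example mode 0640).` would close that gap (the heredoc continues outside the hunk, so it may already be covered further down). The bare mask in `(stat(_))[2] & 6` deserves a comment like `# 06 = S_IROTH | S_IWOTH; reuses the stat buffer filled by -f above`, since both the magic number and the `_` filehandle are easy to misread. The test looks only at the "other" bits, so a group-writable secrets file is still accepted; whether that is intended depends on how the master process is deployed and should be stated in the comment. The same mask is used in the second hunk in `main`, and the comment applies there as well.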
@@ -4032,6 +4037,8 @@ sub main (;$) {
die "ERROR: no shared-secret defined along with master-url\n" unless $opt{'shared-secret'};
die "ERROR: no cache-dir defined along with master-url\n" unless $opt{'cache-dir'};
die "ERROR: no cache-dir ($opt{'cache-dir'}): $!\n" unless -d $opt{'cache-dir'};
+ die "ERROR: the shared secret file ($opt{'shared-secret'}) is world-readable or writable"
+ if ((stat($opt{'shared-secret'}))[2] & 6);
open my $fd, "<$opt{'shared-secret'}" or die "ERROR: opening $opt{'shared-secret'} $!\n";
chomp(my $secret = <$fd>);
close $fd;
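Review bot: The added permission test stats the path and the `open` on the next line resolves the path again, so the file that was checked is not guaranteed to be the file that is read if it is replaced or re-moded in between. Opening first and testing the handle removes that gap: `open my $fd, '<', $opt{'shared-secret'} or die "ERROR: opening $opt{'shared-secret'} $!\n";` followed by `die "..." if ((stat($fd))[2] & 6);` (the three-argument form also stops the file name from being read as an open mode). When the file does not exist, `stat` returns an empty list and the test passes silently (with an uninitialized-value warning if warnings are on), leaving the error to `open`. The new `die` message lacks the trailing `\n` its neighbours have, so Perl will append a file and line suffix to it. The enclosing `main` starts and ends outside the hunk.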