summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGES3
-rw-r--r--lib/Smokeping.pm9
2 files changed, 11 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index ce9d054..3636825 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+* bail out if the master/slave shared secret file is world-readable
+ or writable --niko
+
* add some security notes to the master/slave documentation --niko
* Switch message hash generation to Digest::HMAC_MD5 (bundled) since this
diff --git a/lib/Smokeping.pm b/lib/Smokeping.pm
index 13410af..26e8195 100644
--- a/lib/Smokeping.pm
+++ b/lib/Smokeping.pm
@@ -3339,7 +3339,12 @@ END_DOC
_mandatory => [ qw(secrets) ],
_sections => [ "/$KEYD_RE/" ],
secrets => {
- %$FILECHECK_SUB,
+ _sub => sub {
+ return "File '$_[0]' does not exist" unless -f $_[ 0 ];
+ return "File '$_[0]' is world-readable or writable, refusing it"
+ if ((stat(_))[2] & 6);
+ return undef;
+ },
_doc => <<END_DOC,
The slave secrets file contines one line per slave with the name of the slave followed by a colon
and the secret:
@@ -4032,6 +4037,8 @@ sub main (;$) {
die "ERROR: no shared-secret defined along with master-url\n" unless $opt{'shared-secret'};
die "ERROR: no cache-dir defined along with master-url\n" unless $opt{'cache-dir'};
die "ERROR: no cache-dir ($opt{'cache-dir'}): $!\n" unless -d $opt{'cache-dir'};
+ die "ERROR: the shared secret file ($opt{'shared-secret'}) is world-readable or writable"
+ if ((stat($opt{'shared-secret'}))[2] & 6);
open my $fd, "<$opt{'shared-secret'}" or die "ERROR: opening $opt{'shared-secret'} $!\n";
chomp(my $secret = <$fd>);
close $fd;