From 74d85b79a4ad550761b93e125bcd1ec2efb741d2 Mon Sep 17 00:00:00 2001
From: xSmurf
Date: Sat, 13 Jun 2015 18:51:50 +0000
Subject: [PATCH] Checking of config file permissions
---
 config.go | 39 +++++++++++++++++++++++++++++++++++++--
 oz-daemon/daemon.go | 9 +++++++--
 oz-init/init.go | 9 +++++++--
 3 files changed, 51 insertions(+), 6 deletions(-)
diff --git a/config.go b/config.go
index 329e2c2..4a51cd5 100644
--- a/config.go
+++ b/config.go
@@ -2,7 +2,11 @@ package oz
 
 import (
 "encoding/json"
+ "fmt"
 "io/ioutil"
+ "os"
+ "path"
+ "syscall"
 )
 
 type Config struct {
@@ -36,8 +40,15 @@ func NewDefaultConfig() *Config {
 }
 }
 
-func LoadConfig(path string) (*Config, error) {
- bs, err := ioutil.ReadFile(path)
+func LoadConfig(cpath string) (*Config, error) {
+ if _, err := os.Stat(cpath); os.IsNotExist(err) {
+ return nil,err
+ }
+ if err := checkConfigPermissions(cpath); err != nil {
+ return nil, err
+ }
+
+ bs, err := ioutil.ReadFile(cpath)
 if err != nil {
 return nil, err
 }
@@ -47,3 +58,27 @@ func LoadConfig(path string) (*Config, error) {
 }
 return c, nil
 }
+
+func checkConfigPermissions(fpath string) error {
+ pd := path.Dir(fpath)
+ for _, fp := range []string{pd, fpath} {
+ if err := checkPathRootPermissions(fp); err != nil {
+ return fmt.Errorf("file (%s) is %s", fp, err)
+ }
+ }
+ return nil
+}
+
+func checkPathRootPermissions(fpath string) error {
+ fstat, err := os.Stat(fpath)
+ if err != nil {
+ return err
+ }
+ if (fstat.Mode().Perm() & syscall.S_IWOTH) != 0 {
+ return fmt.Errorf("writable by everyone!", fpath)
+ }
+ if (fstat.Mode().Perm() & syscall.S_IWGRP) != 0 && fstat.Sys().(*syscall.Stat_t).Gid != 0 {
+ return fmt.Errorf("writable by someone else than root!", err)
+ }
+ return nil
+}
diff --git a/oz-daemon/daemon.go b/oz-daemon/daemon.go
index 6e3e851..c357102 100644
--- a/oz-daemon/daemon.go
+++ b/oz-daemon/daemon.go
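Review bot: In config.go's `LoadConfig`, the file that is validated is not guaranteed to be the file that is parsed, because `os.Stat(cpath)`, `checkConfigPermissions(cpath)` and `ioutil.ReadFile(cpath)` each resolve the path again. If anyone other than root can rename or relink entries on that path between those calls, the check passes on one inode and the read hits another. That is plausible here, since only the immediate parent directory is inspected. Opening the file once and checking the metadata of that descriptor closes the gap for the file itself; the directory check stays path-based either way. The rest of `LoadConfig` (the JSON decoding) lies outside this hunk.

```go
func LoadConfig(cpath string) (*Config, error) {
	f, err := os.Open(cpath)
	if err != nil {
		// An *os.PathError from Open still satisfies os.IsNotExist in the callers.
		return nil, err
	}
	defer f.Close()
	fi, err := f.Stat() // metadata of the descriptor that is actually read
	if err != nil {
		return nil, err
	}
	// … run the mode/ownership checks on fi (and on the parent directory) here …
	bs, err := ioutil.ReadAll(f)
	// … unchanged: error check and JSON decoding …
```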
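Review bot: `checkPathRootPermissions` in config.go never looks at the owner of the path, so a config file or directory owned by an unprivileged user with mode 0644 or 0755 passes both tests even though that user can rewrite it. Judging by the function name and the "someone else than root" message, the intent is that only root may modify these paths, in which case `Stat_t.Uid` needs to be compared with 0 as well. The bare `fstat.Sys().(*syscall.Stat_t)` assertion would panic if `Sys()` returned another type, so the two-value form is safer. Both `fmt.Errorf` calls pass an argument with no verb in the format string (`fpath`, and an `err` that is nil at that point), which leaves `%!(EXTRA …)` in the message.

```go
func checkPathRootPermissions(fpath string) error {
	// … unchanged: os.Stat and its error check …
	st, ok := fstat.Sys().(*syscall.Stat_t)
	if !ok {
		return fmt.Errorf("of unknown ownership")
	}
	if st.Uid != 0 {
		return fmt.Errorf("not owned by root")
	}
	if (fstat.Mode().Perm() & syscall.S_IWOTH) != 0 {
		return fmt.Errorf("writable by everyone!")
	}
	if (fstat.Mode().Perm()&syscall.S_IWGRP) != 0 && st.Gid != 0 {
		return fmt.Errorf("writable by someone else than root!")
	}
	return nil
}
```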
@@ -51,8 +51,13 @@ func initialize() *daemonState {
 var config *oz.Config
 config, err := oz.LoadConfig(oz.DefaultConfigPath)
 if err != nil {
- d.log.Info("Could not load config file (%s), using default config", oz.DefaultConfigPath)
- config = oz.NewDefaultConfig()
+ if os.IsNotExist(err) {
+ d.log.Info("Configuration file (%s) is missing, using defaults.", oz.DefaultConfigPath)
+ config = oz.NewDefaultConfig()
+ } else {
+ d.log.Error("Could not load configuration: %s", oz.DefaultConfigPath, err)
+ os.Exit(1)
+ }
 }
 d.log.Info("Oz Global Config: %+v", config)
 d.config = config
diff --git a/oz-init/init.go b/oz-init/init.go
index 728a631..82021d6 100644
--- a/oz-init/init.go
+++ b/oz-init/init.go
@@ -79,8 +79,13 @@ func parseArgs() *initState {
 var config *oz.Config
 config, err := oz.LoadConfig(oz.DefaultConfigPath)
 if err != nil {
- log.Info("Could not load config file (%s), using default config", oz.DefaultConfigPath)
- config = oz.NewDefaultConfig()
+ if os.IsNotExist(err) {
+ log.Info("Configuration file (%s) is missing, using defaults.", oz.DefaultConfigPath)
+ config = oz.NewDefaultConfig()
+ } else {
+ log.Error("Could not load configuration: %s", oz.DefaultConfigPath, err)
+ os.Exit(1)
+ }
 }
 
 p, err := loadProfile(config.ProfileDir, pname)
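Review bot: The new `Error` call in oz-daemon/daemon.go's `initialize()` has one `%s` but two arguments, so the path fills the verb and `err`, the reason the config was refused, is left without one. Assuming the logger formats printf-style, as the neighbouring `Info` calls suggest, the permission failure that makes the daemon exit will show up as an `%!(EXTRA …)` artifact or not at all. Use `d.log.Error("Could not load configuration (%s): %s", oz.DefaultConfigPath, err)` instead. The `log.Error` call in oz-init/init.go's `parseArgs()` has the same mismatch and needs the same change. Both functions begin and end outside their hunks.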