From 23c73ecc8c565b8247ce7f888170bfbbce3e589c Mon Sep 17 00:00:00 2001
From: pwernau
Date: Wed, 24 Oct 2007 13:59:51 -0700
Subject: 5053475 certlib_load() error messages need improving. 6614180 file permissions on public keys and CRLs should be more open 6614741 keying material with insecure permissions should not be trusted
---
 usr/src/lib/libipsecutil/common/ipsec_util.h | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'usr/src/lib/libipsecutil/common/ipsec_util.h')
diff --git a/usr/src/lib/libipsecutil/common/ipsec_util.h b/usr/src/lib/libipsecutil/common/ipsec_util.h
index a78831e678..e9995cc6f8 100644
--- a/usr/src/lib/libipsecutil/common/ipsec_util.h
+++ b/usr/src/lib/libipsecutil/common/ipsec_util.h
@@ -79,6 +79,11 @@ extern "C" {
 #define TBUF_SIZE 50
 #define TIME_MAX LONG_MAX
+#ifndef INSECURE_PERMS
+#define INSECURE_PERMS(sbuf) (((sbuf).st_uid != 0) || \
+ ((sbuf).st_mode & S_IRWXG) || ((sbuf).st_mode & S_IRWXO))
+#endif
+
 /* For keyword-lookup tables */
 typedef struct keywdtab {
 uint_t kw_tag;
-- 
cgit v1.2.3
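Review bot: The new `INSECURE_PERMS(sbuf)` macro has no comment stating its contract, which matters for a trust decision on keying material: it only inspects `st_uid` and the group/other mode bits of whatever `struct stat` the caller filled in. I would add a comment above the `#ifndef` such as `/* True if the file is not root-owned or grants any group/other access; sbuf should come from fstat() on the opened descriptor, not stat() on the path. */`, so that the file checked is the file read. The `#ifndef INSECURE_PERMS` guard also lets an earlier definition silently replace this check; if that is intended, say so in the same comment, otherwise drop the guard. The callers are outside this hunk, so whether they already use fstat() and restrict the check to private keying material cannot be confirmed here.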