Diffstat (limited to 'usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c')
-rw-r--r--usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c38
1 files changed, 32 insertions, 6 deletions
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c b/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c
index 24f3410dde..175b6f348a 100644
--- a/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c
+++ b/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c
@@ -3613,14 +3613,40 @@ main(int argc, char *argv[])
case 'f':
if (dosave)
usage();
+
+ /*
+ * Use stat() to check and see if the user inadvertently
+ * passed in a bad pathname, or the name of a directory.
+ * We should also check to see if the filename is a
+ * pipe. We use stat() here because fopen() will block
+ * unless the other end of the pipe is open. This would
+ * be undesirable, especially if this is called at boot
+ * time. If we ever need to support reading from a pipe
+ * or special file, this should be revisited.
+ */
+ if (stat(optarg, &sbuf) == -1) {
+ EXIT_BADCONFIG2("Invalid pathname: %s\n",
+ optarg);
+ }
+ if (!(sbuf.st_mode & S_IFREG)) {
+ EXIT_BADCONFIG2("%s - Not a regular file\n",
+ optarg);
+ }
infile = fopen(optarg, "r");
if (infile == NULL) {
EXIT_BADCONFIG2("Unable to open configuration "
"file: %s\n", optarg);
}
/*
- * Check file permissions/ownership and warn or
- * fail depending on state of SMF control.
+ * The input file contains keying information, because
+ * this is sensative, we should only accept data from
+ * this file if the file is root owned and only readable
+ * by privileged users. If the command is being run by
+ * the administrator, issue a warning, if this is run by
+ * smf(5) (IE: boot time) and the permissions are too
+ * open, we will fail, the SMF service will end up in
+ * maintenace mode. The check is made with fstat() to
+ * eliminate any possible TOT to TOU window.
*/
if (fstat(fileno(infile), &sbuf) == -1) {
(void) fclose(infile);
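Review bot: The new regular-file check `if (!(sbuf.st_mode & S_IFREG))` tests a single bit instead of comparing the file type, so on the usual mode encodings a type that shares that bit with S_IFREG (a socket, for instance) is not rejected; `if (!S_ISREG(sbuf.st_mode))` checks the type exactly. The FIFO case the comment is concerned with is rejected either way. The stat() also runs on the pathname before fopen(), so the object behind the name can change between the two calls. The fstat() below runs on the open descriptor, but its checks lie in the part of main() outside this hunk; if they do not already include the file type, repeating `S_ISREG(sbuf.st_mode)` there would make the type check and the permission check apply to the same object. The added comments also contain typos: "sensative", "maintenace", and "TOT to TOU" for TOCTOU.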
@@ -3634,10 +3660,10 @@ main(int argc, char *argv[])
"%s has insecure permissions.",
optarg);
} else {
- (void) fprintf(stderr, "%s %s\n",
- optarg, gettext(
- "has insecure permissions, will be "
- "rejected in permanent config."));
+ (void) fprintf(stderr, gettext(
+ "Config file %s has insecure "
+ "permissions, will be rejected in "
+ "permanent config.\n"), optarg);
}
}
configfile = strdup(optarg);
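Review bot: The rewritten warning now passes the `gettext()` result to `fprintf()` as the format string, so the message catalog entry must keep exactly one `%s`, and a translation that does not would turn into a format mismatch at run time in a tool that handles keying material. Letting translators place the file name is a sensible change, but the constraint deserves a comment above the call, for example `/* %s is the config file path; translations must keep exactly one %s */`. The wording also now differs from the message in the other branch just above (`"%s has insecure permissions."`), which may be worth aligning; that branch starts outside this hunk, so its full text is not visible here.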