forked from pool/wpa_supplicant
4a7dfdf397
Updated patches with some feedback from upstream OBS-URL: https://build.opensuse.org/request/show/641409 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=85
70 lines
2.3 KiB
Diff
70 lines
2.3 KiB
Diff
From 2fb45cd0370f1bc6d452df15dc1f7bf6575ed55c Mon Sep 17 00:00:00 2001
|
|
From: Karol Babioch <karol@babioch.de>
|
|
Date: Thu, 11 Oct 2018 21:21:30 +0200
|
|
Subject: [PATCH v3 1/2] Create debug log file with more sane file permissions
|
|
|
|
Previously the file permissions for the debug log file were not explicitly set.
|
|
Instead it was implicitly relying on a secure umask, which in most cases would
|
|
result in a file that is world-readable. This is a violation of good
|
|
practices, since not very user of a file should have access to sensitive
|
|
information that might be contained in the debug log file.
|
|
|
|
This commit will explicitly set sane default file permissions in case
|
|
the file is newly created.
|
|
|
|
Unfortunately the fopen(3) function does not provide such a facility, so the
|
|
approach needs to be changed in the following way:
|
|
|
|
1.) The file descriptor needs to be created manually using the open(3)
|
|
function with the correct flags and the desired mode set.
|
|
|
|
2.) fdopen(3) can then be used on the file descriptor to associate a
|
|
file stream with it.
|
|
|
|
Note: This modification will not change the file permissions of any already
|
|
existing debug log files, and only applies to newly created ones.
|
|
|
|
Signed-off-by: Karol Babioch <karol@babioch.de>
|
|
---
|
|
src/utils/wpa_debug.c | 14 +++++++++++++-
|
|
1 file changed, 13 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
|
|
index 62758d864..5d2f7becb 100644
|
|
--- a/src/utils/wpa_debug.c
|
|
+++ b/src/utils/wpa_debug.c
|
|
@@ -58,6 +58,9 @@ static int wpa_to_android_level(int level)
|
|
#ifndef CONFIG_NO_STDOUT_DEBUG
|
|
|
|
#ifdef CONFIG_DEBUG_FILE
|
|
+#include <sys/types.h>
|
|
+#include <sys/stat.h>
|
|
+
|
|
static FILE *out_file = NULL;
|
|
#endif /* CONFIG_DEBUG_FILE */
|
|
|
|
@@ -548,10 +551,19 @@ int wpa_debug_open_file(const char *path)
|
|
last_path = os_strdup(path);
|
|
}
|
|
|
|
- out_file = fopen(path, "a");
|
|
+ int out_fd = -1;
|
|
+ out_fd = open(path, O_CREAT | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP);
|
|
+ if (out_fd < 0) {
|
|
+ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
|
|
+ "output file descriptor, using standard output");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ out_file = fdopen(out_fd, "a");
|
|
if (out_file == NULL) {
|
|
wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
|
|
"output file, using standard output");
|
|
+ close(out_fd);
|
|
return -1;
|
|
}
|
|
#ifndef _WIN32
|
|
--
|
|
2.19.1
|
|
|