edward/cloudflare-ddns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Better rwx checks

Browse source
This commit is contained in:
Edward Shen 2023-07-28 02:04:51 -07:00
parent f138148581
commit 514f83f90c
Signed by: edward
GPG key ID: 0A400FFE10097C30
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/main.rs
View file

@ -528,13 +528,25 @@ fn load_config_from_path<P: AsRef<Path>>(path: P) -> Option<Config> {
// mode is a u32, but only the bottom 9 bits represent the // mode is a u32, but only the bottom 9 bits represent the
// permissions. Mask and keep the bits we care about. // permissions. Mask and keep the bits we care about.
let current_mode = metadata.permissions().mode() & 0o777; let current_mode = metadata.permissions().mode() & 0o777;
if current_mode != 0o600 { debug!(found = format!("{current_mode:o}"), "Metadata bits");
// Check if it's readable by others
if (current_mode & 0o077) > 0 {
warn!( warn!(
found = format!("{current_mode:o}"), found = format!("{current_mode:o}"),
expected = "600", expected = "600",
"File permissions too broad! Your GLOBAL Cloudflare API key is accessible to all users on the system!" "File permissions too broad! Your GLOBAL Cloudflare API key is accessible to all users on the system!"
); );
} }
// Check if executable bit is set
if (current_mode & 0o100) != 0 {
warn!(
found = format!("{current_mode:o}"),
expected = "600",
"Config file has executable bit set"
);
}
} }
Err(e) => { Err(e) => {
warn!("Failed to read metadata for file: {e}"); warn!("Failed to read metadata for file: {e}");