pfctl: relax the cfg file secrecy check slightly to allow group readability

default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian

Obtained from:	OpenBSD, henning <henning@openbsd.org>, 7140c133f0
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Kristof Provost 2025-02-11 11:14:14 +01:00
parent 26a7be91ad
commit cba525e53b


@ -6917,8 +6917,8 @@ check_file_secrecy(int fd, const char *fname)
warnx("%s: owner not root or current user", fname);
return (-1);
}
if (st.st_mode & (S_IRWXG | S_IRWXO)) {
warnx("%s: group/world readable/writeable", fname);
if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
warnx("%s: group writable or world read/writable", fname);
return (-1);
}
return (0);
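Review bot: The relaxed test `st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)` now accepts group read, but the lines shown validate only the owner, so any member of the file's group can read a config this function is meant to keep secret. If that is the intended policy, a comment above the test would record it, e.g. `/* at most 0640: group may read, others get nothing; st_gid is not checked */`. The new warning also understates what the mask rejects: a file with only a group-execute or other-execute bit set fails with "group writable or world read/writable", so `warnx("%s: group writable/executable or world accessible", fname);` would match the mask. check_file_secrecy begins above this hunk, so a group check elsewhere in its body cannot be ruled out from here.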