[PATCH] prevent a user loading his hand crafted pkcs11 provider into openvpn



---
 properties/auth-helpers.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index 8196519..115b3d3 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -704,6 +704,7 @@ static gboolean
 tls_so_filter (const GtkFileFilterInfo *filter_info, gpointer data)
 {
 	char *p, *ext;
+	struct stat buf;
 
 	if (!filter_info->filename)
 		return FALSE;
@@ -721,6 +722,11 @@ tls_so_filter (const GtkFileFilterInfo *filter_info, gpointer data)
 	}
 	g_free (ext);
 
+	if ( stat(filter_info->filename, &buf) != 0 ) return FALSE;
+
+	// Check if file belongs to root
+	if ( buf.st_uid != 0 ) return FALSE;
+
 	return TRUE;
 }
 
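Review bot: The ownership test at `if ( buf.st_uid != 0 ) return FALSE;` accepts any root-owned path, including a non-regular file or a root-owned library that group or others can write, so on its own it does not show that the provider is trustworthy; a tighter form is `if (!S_ISREG (buf.st_mode) || buf.st_uid != 0 || (buf.st_mode & (S_IWGRP | S_IWOTH))) return FALSE;`. tls_so_filter is a GtkFileFilter callback, so this check only hides entries in the file chooser. The path that is finally stored is not re-validated here, and the same test would presumably need to be repeated wherever the privileged side passes the provider to openvpn. The patch's six insertions include no `#include <sys/stat.h>`, so confirm the file already pulls it in. The body of tls_so_filter between the two hunks (the extension test) is not visible, so this note covers only the added lines.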
-- 
1.5.2.1


--=-h02WRTdS9+xRSxYCGVI0--


