fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-02-04 06:00:32 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

keyfile: for keyfile owner check allow root and euid

Browse source 
This partly restores the previous behavior. The point of the
file owner check is to ensure that the file cannot be read
by unpriviledged processes as it may contain secrets. If the
file is owned by root, that is considered secure (even if our
euid is different).

Possibly, if our euid is not root, then we couldn't read the
file, but that is a different problem.
This commit is contained in:
Thomas Haller 2022-01-18 17:47:17 +01:00
parent b1a14e3398
commit b2660b7012
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/core/settings/plugins/keyfile/nms-keyfile-utils.c
View file

@ -337,7 +337,7 @@ nms_keyfile_utils_check_file_permissions_stat(NMSKeyfileFiletype filetype,
g_return_val_if_reached(FALSE);
if (!NM_FLAGS_HAS(nm_utils_get_testing(), NM_UTILS_TEST_NO_KEYFILE_OWNER_CHECK)) {
if (st->st_uid != nm_utils_get_nm_uid()) {
if (!NM_IN_SET(st->st_uid, 0, nm_utils_get_nm_uid())) {
g_set_error(error,
NM_SETTINGS_ERROR,
NM_SETTINGS_ERROR_INVALID_CONNECTION,