radattr: tighten permissions on radattr file to avoid information leakage. (#290)

Depending on the invoking process's umask it's possible that the radattr
file (which in certain cases can contain crytographic keys) be stored
with permissions such that world-read access is possible, resulting in
sensitive information being leaked to local users.

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Co-authored-by: Jaco Kroon <jaco@iewc.co.za>

diff --git a/pppd/plugins/radius/radattr.c b/pppd/plugins/radius/radattr.c
index 1dee313bc1cb04a84b46e4f09d86ec6735a3518e..f6a787424afc4fc304f605fb02467b4d055d9700 100644 (file)
--- a/pppd/plugins/radius/radattr.c
+++ b/pppd/plugins/radius/radattr.c
@@ -24,6 +24,8 @@ static char const RCSID[] =
 #include "pppd.h"
 #include "radiusclient.h"
 #include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 
 extern void (*radius_attributes_hook)(VALUE_PAIR *);
 static void print_attributes(VALUE_PAIR *);
@@ -75,9 +77,12 @@ print_attributes(VALUE_PAIR *vp)
     char name[2048];
     char value[2048];
     int cnt = 0;
+    mode_t old_umask;
 
     slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
+    old_umask = umask(077);
     fp = fopen(fname, "w");
+    umask(old_umask);
     if (!fp) {
        warn("radattr plugin: Could not open %s for writing: %m", fname);
        return;