From: Jaco Kroon <jaco@uls.co.za>
Date: Sat, 18 Sep 2021 02:02:54 +0000 (+0200)
Subject: radattr: tighten permissions on radattr file to avoid information leakage. (#290)
X-Git-Tag: ppp-2.5.0~58
X-Git-Url: https://git.ozlabs.org/?a=commitdiff_plain;h=7adcfc961d3ccb051da87cc95d76cd3344f00fb8;p=ppp.git

radattr: tighten permissions on radattr file to avoid information leakage. (#290)

Depending on the invoking process's umask it's possible that the radattr
file (which in certain cases can contain crytographic keys) be stored
with permissions such that world-read access is possible, resulting in
sensitive information being leaked to local users.

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Co-authored-by: Jaco Kroon <jaco@iewc.co.za>
---

diff --git a/pppd/plugins/radius/radattr.c b/pppd/plugins/radius/radattr.c
index 1dee313..f6a7874 100644
--- a/pppd/plugins/radius/radattr.c
+++ b/pppd/plugins/radius/radattr.c
@@ -24,6 +24,8 @@ static char const RCSID[] =
 #include "pppd.h"
 #include "radiusclient.h"
 #include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 
 extern void (*radius_attributes_hook)(VALUE_PAIR *);
 static void print_attributes(VALUE_PAIR *);
@@ -75,9 +77,12 @@ print_attributes(VALUE_PAIR *vp)
     char name[2048];
     char value[2048];
     int cnt = 0;
+    mode_t old_umask;
 
     slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
+    old_umask = umask(077);
     fp = fopen(fname, "w");
+    umask(old_umask);
     if (!fp) {
 	warn("radattr plugin: Could not open %s for writing: %m", fname);
 	return;