]> git.ozlabs.org Git - ppp.git/commit
projects / ppp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ae2282a) | patch
radattr: tighten permissions on radattr file to avoid information leakage. (#290)
authorJaco Kroon <jaco@uls.co.za>
Sat, 18 Sep 2021 02:02:54 +0000 (04:02 +0200)
committerGitHub <noreply@github.com>
Sat, 18 Sep 2021 02:02:54 +0000 (12:02 +1000)
commit7adcfc961d3ccb051da87cc95d76cd3344f00fb8
treea80bcf67cc9fd56bf3fd040da68e74cbec6928ddtree | snapshot (tar.gz zip)
parentae2282a71526818656c87d9eed3ce10c7c1c284ccommit | diff
radattr: tighten permissions on radattr file to avoid information leakage. (#290)

Depending on the invoking process's umask it's possible that the radattr
file (which in certain cases can contain crytographic keys) be stored
with permissions such that world-read access is possible, resulting in
sensitive information being leaked to local users.

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Co-authored-by: Jaco Kroon <jaco@iewc.co.za>
pppd/plugins/radius/radattr.c diff | blob | history
PPP (Point-to-Point Protocol) implementation for Linux and Solaris