[patch]: Validate keyring directory is not world
readable/writable (TODO Item)
John (J5) Palmieri
johnp at redhat.com
Thu Jun 2 13:07:29 PDT 2005
Forgot to attach the patch ;-)
On Thu, 2005-06-02 at 16:06 -0400, John (J5) Palmieri wrote:
> Here is the updated patch with a method rename and a check for group
> permissions. It should be noted that the function
> _dbus_check_dir_is_private takes in an error pointer so when it fails in
> _dbus_keyring_reload, and we return FALSE, the error is already set and
> propagated to the calling method.
>
> On Wed, 2005-06-01 at 10:11 -0400, Havoc Pennington wrote:
> > Hi,
> >
> > Comments -
> >
> > - should name the function something like check_private_to_user rather
> > than validate
> > - also check that it's not group readable/writable
> > - if the validation fails you have to set the DBusError, not only
> > return false
> >
> > Havoc
>
> --
> John (J5) Palmieri
> Associate Software Engineer
> Desktop Group
> Red Hat, Inc.
> Blog: http://martianrock.com
>
--
John (J5) Palmieri
Associate Software Engineer
Desktop Group
Red Hat, Inc.
Blog: http://martianrock.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-check-dir-is-private.patch
Type: text/x-patch
Size: 2299 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/dbus/attachments/20050602/62c37765/dbus-check-dir-is-private.bin
More information about the dbus
mailing list