From patchwork Thu Oct 11 20:20:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Karol Babioch X-Patchwork-Id: 982696 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=babioch.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="THm8kgsV"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=babioch.de header.i=@babioch.de header.b="eZM0KD6q"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42WMnD4NfCz9s7T for ; Fri, 12 Oct 2018 07:21:32 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=2/7WuHy9bzF/4/w7ybA85EumbDs81pzF+u0jH+JAPQs=; b=THm8kgsVuKeizY ZZKIWp4emTyGOKuXzPjt8KFdex+JLxjG8zIRI4RCgENWekqtHT6hNe2mS+Ai47rlZoeRJRgKCd0Uq sCkW/J5MKLnWwzi+PQ+WSpyUjzD8y7zzHdVx99lzypC8KxVlygU2LTn9NwfPKgW6DD5+0iRy97Vjk kfh/NjJ2VdDPKMjsF/501rBTd5kLqg9+ACXTdtSQAftM3DOJ0qMakh8OHIVegb+9vtDD1eRnvtpRq DHwa1NYwOKi6rnBVXhFTk88AX0iPQhwEORnmbrPyZeleVsCj8fuvQlXXxA7rWEQqHyaOhY944aZKZ JW5+hd/BT47qr3+1Appg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAhSH-0006VE-Sn; Thu, 11 Oct 2018 20:21:09 +0000 Received: from mail.babioch.de ([144.76.131.5]) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAhSE-0006U5-Ip for hostap@lists.infradead.org; Thu, 11 Oct 2018 20:21:08 +0000 From: Karol Babioch DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=babioch.de; s=20170501; t=1539289247; bh=hMtHcHa6KB7KZLxnRPkA0m+P3DN6AaFw/UxTKTOioWs=; h=From:To:Cc:Subject:Date; b=eZM0KD6qCNJB3Xs77Q1jLEvBcfjPa6FKgG2aOgas4PSiI3xf2xzKI9MFw+o86bhi8 boeyT0n0DsgbyVXU8sGpR4MthiFYNWB6Q2MEAe2fD0yCTSqqUJvA2kZHslHFLGv3IW GU+sJ86MQdllTBbcIaXz8tpOOKekr8qgMmU+TmYJ1B3v/8DPLL17rnEvwXk0EPFTeP Npjsl+ugLKlHF9HUBOONkSAp/42q0tFy0iryRuuQJrzAEMbG6/JMMIE/bAeK6pG7pq ZPXjFzzK3/9JlDOhktAOhKhLv2lZvOd8OOsyKh+dVkNmrlCf4G//eAKId3xAJVUZ97 TaM0oepawaZgg== To: hostap@lists.infradead.org Subject: [PATCH 1/2] Create debug log file with more sane file permissions Date: Thu, 11 Oct 2018 22:20:09 +0200 Message-Id: <20181011202010.29226-1-karol@babioch.de> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181011_132106_869593_D763FF4B X-CRM114-Status: GOOD ( 11.33 ) X-Spam-Score: -0.8 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.8 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [144.76.131.5 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Karol Babioch Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Previously the file permissions for the debug log file were not explicitly set. Instead it was implicitly relying on a secure umask, which in most cases would result in a file that is world-readable. This is a violation of good practices, since not very user of a file should have access to sensitive information that might be contained in the debug log file. This commit will explicitly set sane default file permissions in case the file is newly created. Unfortunately the fopen(3) function does not provide such a facility, so the approach needs to be changed in the following way: 1.) The file descriptor needs to be created manually using the open(3) function with the correct flags and the desired mode set. 2.) fdopen(3) can then be used on the file descriptor to associate a file stream with it. Note: This modification will not change the file permissions of any already existing debug log files, and only applies to newly created ones. Signed-off-by: Karol Babioch --- src/utils/wpa_debug.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c index 62758d864..b412f88e3 100644 --- a/src/utils/wpa_debug.c +++ b/src/utils/wpa_debug.c @@ -58,6 +58,10 @@ static int wpa_to_android_level(int level) #ifndef CONFIG_NO_STDOUT_DEBUG #ifdef CONFIG_DEBUG_FILE +#include +#include + +static int out_fd = -1; static FILE *out_file = NULL; #endif /* CONFIG_DEBUG_FILE */ @@ -548,12 +552,21 @@ int wpa_debug_open_file(const char *path) last_path = os_strdup(path); } - out_file = fopen(path, "a"); + out_fd = open(path, O_CREAT | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP); + if (out_fd < 0) { + wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open " + "output file descriptor, using standard output"); + return -1; + } + + out_file = fdopen(out_fd, "a"); if (out_file == NULL) { wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open " "output file, using standard output"); + close(out_fd); return -1; } + #ifndef _WIN32 setvbuf(out_file, NULL, _IOLBF, 0); #endif /* _WIN32 */