On Thu, Jan 13, 2011 at 04:02:47PM +0100, Henning Brauer wrote: > the check is dirt cheap, so that is not the point. > > the aforementioned discussion is just being revived ;)
no problem then, here's the new one -- Martin Pelikan
Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.258
diff -u -p -r1.258 parse.y
--- parse.y 2 Sep 2010 14:03:21 -0000 1.258
+++ parse.y 13 Jan 2011 15:11:04 -0000
@@ -50,9 +50,8 @@ static struct file {
 int lineno;
 int errors;
 } *file, *topfile;
-struct file *pushfile(const char *, int);
+struct file *pushfile(const char *);
 int popfile(void);
-int check_file_secrecy(int, const char *);
 int yyparse(void);
 int yylex(void);
 int yyerror(const char *, ...);
@@ -312,7 +311,7 @@ varset : STRING '=' string {
 include : INCLUDE STRING {
 struct file *nfile;
- if ((nfile = pushfile($2, 1)) == NULL) {
+ if ((nfile = pushfile($2)) == NULL) {
 yyerror("failed to include file %s", $2);
 free($2);
 YYERROR;
@@ -2471,28 +2470,8 @@ nodigits:
 return (c);
 }
-int
-check_file_secrecy(int fd, const char *fname)
-{
- struct stat st;
-
- if (fstat(fd, &st)) {
- log_warn("cannot stat %s", fname);
- return (-1);
- }
- if (st.st_uid != 0 && st.st_uid != getuid()) {
- log_warnx("%s: owner not root or current user", fname);
- return (-1);
- }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
- return (-1);
- }
- return (0);
-}
-
 struct file *
-pushfile(const char *name, int secret)
+pushfile(const char *name)
 {
 struct file *nfile;
@@ -2511,13 +2490,6 @@ pushfile(const char *name, int secret)
 free(nfile);
 return (NULL);
 }
- if (secret &&
- check_file_secrecy(fileno(nfile->stream), nfile->name)) {
- fclose(nfile->stream);
- free(nfile->name);
- free(nfile);
- return (NULL);
- }
 nfile->lineno = 1;
 TAILQ_INSERT_TAIL(&files, nfile, entry);
 return (nfile);
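Review bot: Deleting `check_file_secrecy()` and the `secret` branch in `pushfile()` drops two separate protections at once: the `S_IRWXG | S_IRWXO` test kept the configuration from being readable by other local users, and the `st_uid` test together with the write bits kept a file that someone other than root or the invoking user can modify from being parsed by the daemon. bgpd.conf can carry TCP MD5 and IPsec key material, and the `include` rule loses the same check, so after this change a mis-set mode on either file is accepted silently. If only the read restriction is meant to be relaxed, consider keeping the ownership and write test, e.g. `if (st.st_mode & (S_IWGRP | S_IWOTH))`, and stating the expected file mode in the manual page. The same removal is repeated in the ospfd and ospf6d `pushfile()` hunks further down; `pushfile()` itself starts and ends outside these hunks.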
@@ -2558,7 +2530,7 @@ parse_config(char *filename, struct bgpd
 conf->opts = xconf->opts;
 conf->csock = strdup(SOCKET_NAME);
- if ((file = pushfile(filename, 1)) == NULL) {
+ if ((file = pushfile(filename)) == NULL) {
 free(conf);
 return (-1);
 }
Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/ospfd/parse.y,v
retrieving revision 1.73
diff -u -p -r1.73 parse.y
--- parse.y 13 Dec 2010 13:43:37 -0000 1.73
+++ parse.y 13 Jan 2011 15:12:02 -0000
@@ -50,9 +50,8 @@ static struct file {
 int lineno;
 int errors;
 } *file, *topfile;
-struct file *pushfile(const char *, int);
+struct file *pushfile(const char *);
 int popfile(void);
-int check_file_secrecy(int, const char *);
 int yyparse(void);
 int yylex(void);
 int yyerror(const char *, ...);
@@ -149,7 +148,7 @@ grammar : /* empty */
 include : INCLUDE STRING {
 struct file *nfile;
- if ((nfile = pushfile($2, 1)) == NULL) {
+ if ((nfile = pushfile($2)) == NULL) {
 yyerror("failed to include file %s", $2);
 free($2);
 YYERROR;
@@ -999,28 +998,8 @@ nodigits:
 return (c);
 }
-int
-check_file_secrecy(int fd, const char *fname)
-{
- struct stat st;
-
- if (fstat(fd, &st)) {
- log_warn("cannot stat %s", fname);
- return (-1);
- }
- if (st.st_uid != 0 && st.st_uid != getuid()) {
- log_warnx("%s: owner not root or current user", fname);
- return (-1);
- }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
- return (-1);
- }
- return (0);
-}
-
 struct file *
-pushfile(const char *name, int secret)
+pushfile(const char *name)
 {
 struct file *nfile;
@@ -1038,12 +1017,6 @@ pushfile(const char *name, int secret)
 free(nfile->name);
 free(nfile);
 return (NULL);
- } else if (secret &&
- check_file_secrecy(fileno(nfile->stream), nfile->name)) {
- fclose(nfile->stream);
- free(nfile->name);
- free(nfile);
- return (NULL);
 }
 nfile->lineno = 1;
 TAILQ_INSERT_TAIL(&files, nfile, entry);
@@ -1092,7 +1065,7 @@ parse_config(char *filename, int opts)
 conf->spf_hold_time = DEFAULT_SPF_HOLDTIME;
 conf->spf_state = SPF_IDLE;
- if ((file = pushfile(filename, !(conf->opts & OSPFD_OPT_NOACTION))) == NULL) {
+ if ((file = pushfile(filename)) == NULL) {
 free(conf);
 return (NULL);
 }
Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/ospf6d/parse.y,v
retrieving revision 1.20
diff -u -p -r1.20 parse.y
--- parse.y 13 Dec 2010 13:43:37 -0000 1.20
+++ parse.y 13 Jan 2011 15:13:08 -0000
@@ -52,9 +52,8 @@ static struct file {
 int lineno;
 int errors;
 } *file, *topfile;
-struct file *pushfile(const char *, int);
+struct file *pushfile(const char *);
 int popfile(void);
-int check_file_secrecy(int, const char *);
 int yyparse(void);
 int yylex(void);
 int yyerror(const char *, ...);
@@ -796,28 +795,8 @@ nodigits:
 return (c);
 }
-int
-check_file_secrecy(int fd, const char *fname)
-{
- struct stat st;
-
- if (fstat(fd, &st)) {
- log_warn("cannot stat %s", fname);
- return (-1);
- }
- if (st.st_uid != 0 && st.st_uid != getuid()) {
- log_warnx("%s: owner not root or current user", fname);
- return (-1);
- }
- if (st.st_mode & (S_IRWXG | S_IRWXO)) {
- log_warnx("%s: group/world readable/writeable", fname);
- return (-1);
- }
- return (0);
-}
-
 struct file *
-pushfile(const char *name, int secret)
+pushfile(const char *name)
 {
 struct file *nfile;
@@ -835,12 +814,6 @@ pushfile(const char *name, int secret)
 free(nfile->name);
 free(nfile);
 return (NULL);
- } else if (secret &&
- check_file_secrecy(fileno(nfile->stream), nfile->name)) {
- fclose(nfile->stream);
- free(nfile->name);
- free(nfile);
- return (NULL);
 }
 nfile->lineno = 1;
 TAILQ_INSERT_TAIL(&files, nfile, entry);
@@ -887,7 +860,7 @@ parse_config(char *filename, int opts)
 conf->spf_hold_time = DEFAULT_SPF_HOLDTIME;
 conf->spf_state = SPF_IDLE;
- if ((file = pushfile(filename, !(conf->opts & OSPFD_OPT_NOACTION))) == NULL) {
+ if ((file = pushfile(filename)) == NULL) {
 free(conf);
 return (NULL);
 }
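Review bot: The removed argument `!(conf->opts & OSPFD_OPT_NOACTION)` here, and in the matching ospfd `parse_config` hunk, already skipped the permission check for configuration-test runs, so in these two daemons the check only applied when the file was actually loaded. Removing it therefore changes only the live-load path, which is where refusing a group- or world-accessible file matters most; ospfd.conf, for one, can hold interface authentication keys. If the aim is to let bgpd test a config with relaxed permissions as these daemons do, a narrower change would be to keep `pushfile(const char *, int)` and pass the equivalent no-action test from bgpd's `parse_config` instead of dropping the parameter everywhere. `parse_config` continues outside the hunk.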