Hi,

To be sure I don't accidentally overwrite the passphrase files, I'd
like to make them read only. The current code expects them to be
readable and writable. I took the new code from ssh (sshkey_perm_ok
function).

While there, I changed the error message (also based on ssh) so the
user has a better idea of what the program wants.

Index: bioctl.c
===================================================================
RCS file: /cvs/src/sbin/bioctl/bioctl.c,v
retrieving revision 1.144
diff -u -p -r1.144 bioctl.c
--- bioctl.c    25 Apr 2020 14:37:43 -0000      1.144
+++ bioctl.c    1 Jun 2020 22:10:31 -0000
@@ -1328,8 +1328,8 @@ derive_key(u_int32_t type, int rounds, u
                        err(1, "can't stat passphrase file");
                if (sb.st_uid != 0)
                        errx(1, "passphrase file must be owned by root");
-               if ((sb.st_mode & ~S_IFMT) != (S_IRUSR | S_IWUSR))
-                       errx(1, "passphrase file has the wrong permissions");
+               if ((sb.st_mode & 077) != 0)
+                       errx(1, "passphrase file must not be accessible by 
others");
 
                if (fgets(passphrase, sizeof(passphrase), f) == NULL)
                        err(1, "can't read passphrase file");
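Review bot: The new test `(sb.st_mode & 077) != 0` looks only at the group and other bits, so modes the old exact comparison against `S_IRUSR | S_IWUSR` rejected are now accepted, for example owner-execute (0700) or a file with setuid, setgid or sticky bits set. If the intent is to allow just 0400 and 0600, compare `sb.st_mode & ~S_IFMT` against those two values, or widen the mask to cover the bits that should stay clear. Separately, the new errx() string is wrapped across two lines in the mail ("... accessible by" / "others"), so the literal is broken and the diff will not apply as posted; it needs to be resent unwrapped. The diff touches only bioctl.c, so if bioctl(8) states the required mode for the passphrase file, that text should change in the same commit.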


Cheers,
Daniel
