aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKarol Babioch <karol@babioch.de>2018-10-16 15:50:12 (GMT)
committerJouni Malinen <j@w1.fi>2018-10-20 16:15:54 (GMT)
commit1737eb39823d5265929190412a2221688f37f769 (patch)
tree8f0d1c5d8affc59b66489d1152cdd451ef7d3114
parent1d914d01d8333010c769e6b3ad777d1f380c1597 (diff)
downloadhostap-1737eb39823d5265929190412a2221688f37f769.zip
hostap-1737eb39823d5265929190412a2221688f37f769.tar.gz
hostap-1737eb39823d5265929190412a2221688f37f769.tar.bz2
Create debug log file with more sane file permissions
Previously the file permissions for the debug log file were not explicitly set. Instead it was implicitly relying on a secure umask, which in most cases would result in a file that is world-readable. This is a violation of good practices, since not every user should have access to sensitive information that might be contained in the debug log file. Explicitly set sane default file permissions in case the file is newly created. Unfortunately the fopen(3) function does not provide such a facility, so the approach needs to be changed in the following way: 1) The file descriptor needs to be created manually using the open(3) function with the correct flags and the desired mode set. 2) fdopen(3) can then be used on the file descriptor to associate a file stream with it. Note: This modification will not change the file permissions of any already existing debug log files, and only applies to newly created ones. Signed-off-by: Karol Babioch <karol@babioch.de>
-rw-r--r--src/utils/wpa_debug.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index 62758d8..3fe14ce 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -58,6 +58,10 @@ static int wpa_to_android_level(int level)
#ifndef CONFIG_NO_STDOUT_DEBUG
#ifdef CONFIG_DEBUG_FILE
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
static FILE *out_file = NULL;
#endif /* CONFIG_DEBUG_FILE */
@@ -539,6 +543,8 @@ int wpa_debug_reopen_file(void)
int wpa_debug_open_file(const char *path)
{
#ifdef CONFIG_DEBUG_FILE
+ int out_fd;
+
if (!path)
return 0;
@@ -548,10 +554,20 @@ int wpa_debug_open_file(const char *path)
last_path = os_strdup(path);
}
- out_file = fopen(path, "a");
+ out_fd = open(path, O_CREAT | O_APPEND | O_WRONLY,
+ S_IRUSR | S_IWUSR | S_IRGRP);
+ if (out_fd < 0) {
+ wpa_printf(MSG_ERROR,
+ "%s: Failed to open output file descriptor, using standard output",
+ __func__);
+ return -1;
+ }
+
+ out_file = fdopen(out_fd, "a");
if (out_file == NULL) {
wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
"output file, using standard output");
+ close(out_fd);
return -1;
}
#ifndef _WIN32