Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Never save the Redfish passwords to a file readable by users
When the redfish plugin automatically creates an OPERATOR user account on the BMC we save the autogenerated password to /etc/fwupd/redfish.conf, ensuring it is chmod'ed to 0660 before writing the file with g_key_file_save_to_file(). Under the covers, g_key_file_save_to_file() calls g_file_set_contents() with the keyfile string data. I was under the impression that G_FILE_CREATE_REPLACE_DESTINATION was being used to copy permissions, but alas not. GLib instead calls g_file_set_contents_full() with the mode hardcoded to 0666, which undoes the previous chmod(). Use g_file_set_contents_full() with the correct mode for newer GLib versions, and provide a fallback with the same semantics for older versions.
- Loading branch information
Showing
3 changed files
with
114 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters