Permalink
Browse files

Fix fogbugz #46 (A symbolic link should be allowed for the control fi…

…le) ... the symbolic link can be supported, it shouldn't be security issue.

git-svn-id: http://monit.googlecode.com/svn/trunk@341 808b68a2-07de-11de-a1f0-819f45317607
  • Loading branch information...
1 parent 268fcf0 commit dcafa2f0e647deb46ef275bc6a421f70fede2fa0 mmonit@tildeslash.com committed Mar 22, 2011
Showing with 7 additions and 14 deletions.
  1. +2 −0 CHANGES.txt
  2. +5 −14 file.c
View
@@ -28,6 +28,8 @@ Version 5.2.5
* AIX: Fix the M/Monit heartbeat. Thanks to Helen Chen for report.
+* Support symbolic link to monit configuration file.
+
Version 5.2.4
View
19 file.c
@@ -305,8 +305,7 @@ int File_exist(char *file) {
/**
* Security check for files. The files must have the same uid as the
* REAL uid of this process, it must have permissions no greater than
- * "maxpermission" and it must not be a symbolic link. We check these
- * conditions here.
+ * "maxpermission".
* @param filename The filename of the checked file
* @param description The description of the checked file
* @param permmask The permission mask for the file
@@ -319,24 +318,16 @@ int File_checkStat(char *filename, char *description, int permmask) {
ASSERT(filename);
ASSERT(description);
- if(lstat(filename, &buf) < 0) {
- LogError("%s: Cannot stat the %s '%s' -- %s\n",
- prog, description, filename, STRERROR);
+ if(stat(filename, &buf) < 0) {
+ LogError("%s: Cannot stat the %s '%s' -- %s\n", prog, description, filename, STRERROR);
return FALSE;
}
- if(S_ISLNK(buf.st_mode)) {
- LogError("%s: The %s '%s' must not be a symbolic link.\n",
- prog, description, filename);
- return(FALSE);
- }
if(!S_ISREG(buf.st_mode)) {
- LogError("%s: The %s '%s' is not a regular file.\n",
- prog, description, filename);
+ LogError("%s: The %s '%s' is not a regular file.\n", prog, description, filename);
return FALSE;
}
if(buf.st_uid != geteuid()) {
- LogError("%s: The %s '%s' must be owned by you.\n",
- prog, description, filename);
+ LogError("%s: The %s '%s' must be owned by you.\n", prog, description, filename);
return FALSE;
}
if((buf.st_mode & 0777 ) & ~permmask) {

0 comments on commit dcafa2f

Please sign in to comment.