void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-04-25 08:27:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Ensure correct permissions on sensitive files are set on startup

Browse source
This commit is contained in:
Grant Limberg 2023-03-03 15:28:39 -08:00
parent b17b7f532a
commit 0d1456d9dc
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
one.cpp
View file

@ -2235,6 +2235,23 @@ int main(int argc,char **argv)
}
}
// Check and fix permissions on critical files at startup
try {
char p[4096];
OSUtils::ztsnprintf(p, sizeof(p), "%s" ZT_PATH_SEPARATOR_S "identity.secret", homeDir.c_str());
OSUtils::lockDownFile(p, false);
}
catch (...) {
}
try {
char p[4096];
OSUtils::ztsnprintf(p, sizeof(p), "%s" ZT_PATH_SEPARATOR_S "authtoken.secret", homeDir.c_str());
OSUtils::lockDownFile(p, false);
}
catch (...) {
}
// This can be removed once the new controller code has been around for many versions
if (OSUtils::fileExists((homeDir + ZT_PATH_SEPARATOR_S + "controller.db").c_str(),true)) {
fprintf(stderr,"%s: FATAL: an old controller.db exists in %s -- see instructions in controller/README.md for how to migrate!" ZT_EOL_S,argv[0],homeDir.c_str());