Julien ÉLIE <jul...@trigofacile.com> writes:

> Then I suggest:

> if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0137) != 0
>     || ((buf.st_mode & 0040) != 0 && buf.st_gid != getgid())) {
>     syslog(L_ERROR, "bad ownership or permissions on private key"
>            " '%s': private key must be mode 640 at most, and readable by the "
>            "news group only", cert_file);
>     return (0);
> }

> I hope it will not fail in case of a setgid on nnrpd -- maybe we should
> use getegid() instead of getgid()?

getegid() would be better, yes.  Otherwise, that looks good to me.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>


