mirror of
https://github.com/systemd/systemd
journal-remote: use READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE when reading PEM secret key
It's secret data, hence use the appropriate flags.
parent
8b3c3a4973
commit
e5de42e6f2
|
@ -897,7 +897,11 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
if (arg_key_pem)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Key file specified twice");
|
||||
r = read_full_file_full(AT_FDCWD, optarg, READ_FULL_FILE_CONNECT_SOCKET, NULL, &arg_key_pem, NULL);
|
||||
r = read_full_file_full(
|
||||
AT_FDCWD, optarg,
|
||||
READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET,
|
||||
NULL,
|
||||
&arg_key_pem, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to read key file: %m");
|
||||
assert(arg_key_pem);
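Review bot: READ_FULL_FILE_SECURE only governs the buffers read_full_file_full() handles while reading; the copy stored in `arg_key_pem` outlives the call, and nothing in this hunk shows how it is released. If its destructor is a plain `freep`, the PEM key would remain in freed heap memory, so it is worth confirming it is registered as `STATIC_DESTRUCTOR_REGISTER(arg_key_pem, erase_and_freep);`. The same applies to the `key` out-parameter in the load_certificates() hunk, whose caller should hold it with `_cleanup_(erase_and_freep)`. parse_argv() starts and ends outside the hunk, so the registration cannot be checked from here.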
|
||||
|
|
|
@ -1078,7 +1078,11 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
static int load_certificates(char **key, char **cert, char **trust) {
|
||||
int r;
|
||||
|
||||
r = read_full_file_full(AT_FDCWD, arg_key ?: PRIV_KEY_FILE, READ_FULL_FILE_CONNECT_SOCKET, NULL, key, NULL);
|
||||
r = read_full_file_full(
|
||||
AT_FDCWD, arg_key ?: PRIV_KEY_FILE,
|
||||
READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET,
|
||||
NULL,
|
||||
key, NULL);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to read key from file '%s': %m",
|
||||
arg_key ?: PRIV_KEY_FILE);
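Review bot: READ_FULL_FILE_WARN_WORLD_READABLE is advisory, which the call in load_certificates() does not make obvious. As far as I recall, it logs a warning when the file mode grants access to others and then returns the contents anyway, so a world-readable key at `arg_key ?: PRIV_KEY_FILE` would still be loaded. A short comment above the call would record that, e.g. `/* Secret key: read buffers are erased; an overly permissive file mode is only warned about, not refused */`. The same flags are used in the parse_argv() hunk. load_certificates() continues outside this hunk.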
|
||||
|
|