return -1;
}
- if ((statbuf.st_mode & S_IROTH) != 0) {
+ if (0 && (statbuf.st_mode & S_IROTH) != 0) {
radlog(L_ERR|L_CONS, "Configuration file %s is globally readable. Refusing to start due to insecure configuration.",
file);
return -1;
char buffer[1024];
CONF_SECTION *cs, *oldcs;
rad_listen_t *listener;
+ struct stat statbuf;
+
+ if (stat(radius_dir, &statbuf) < 0) {
+ radlog(L_ERR|L_CONS, "Errors reading %s: %s",
+ radius_dir, strerror(errno));
+ return -1;
+ }
+
+ if ((statbuf.st_mode & S_IWOTH) != 0) {
+ radlog(L_ERR|L_CONS, "Configuration directory %s is globally writable. Refusing to start due to insecure configuration.",
+ radius_dir);
+ return -1;
+ }
+
+
+ if (0 && (statbuf.st_mode & S_IROTH) != 0) {
+ radlog(L_ERR|L_CONS, "Configuration directory %s is globally readable. Refusing to start due to insecure configuration.",
+ radius_dir);
+ return -1;
+ }
/* Read the configuration file */
snprintf(buffer, sizeof(buffer), "%.200s/%.50s",