src/hg/lib/hgConfig.c 1.23
1.23 2010/02/20 07:12:50 markd
check that all config files starting with dot are only readable by the owner
Index: src/hg/lib/hgConfig.c
===================================================================
RCS file: /projects/compbio/cvsroot/kent/src/hg/lib/hgConfig.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -b -B -U 4 -r1.22 -r1.23
--- src/hg/lib/hgConfig.c 6 Oct 2009 16:51:43 -0000 1.22
+++ src/hg/lib/hgConfig.c 20 Feb 2010 07:12:50 -0000 1.23
@@ -45,16 +45,19 @@
return FALSE;
#endif
}
-static void checkConfigPerms(char *filename, int depth)
-/* get that we are either a CGI or that the config file is only readable by
- * the user, or doesn't exist. Specifying HGDB_CONF also disables perms
- * check to make debugging and having CGIs run loaders easier */
-{
+static void checkConfigPerms(char *filename)
+/* Check that that config files starting with "." are only readable by the
+ * user or don't exist. */
+{
+char *p = strrchr(filename, '/');
+if (p != NULL)
+ p++;
+else
+ p = filename; // no dir in path
struct stat statBuf;
-if ((!isBrowserCgi()) && isEmpty(getenv("HGDB_CONF")) && depth == 0
- && (stat(filename, &statBuf) == 0))
+if ((p[0] == '.') && (stat(filename, &statBuf) == 0))
{
if ((statBuf.st_mode & (S_IRWXG|S_IRWXO)) != 0)
errAbort("config file %s allows group or other access, must only allow user access",
filename);
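Review bot: The new gate `if ((p[0] == '.') && (stat(filename, &statBuf) == 0))` keys the permission check on the file's base name alone, so a config with any other name (for example one named through HGDB_CONF, which the removed comment mentions) is never checked, and any stat() failure skips the check silently. If that scope is intended, the function comment should say so and lose the doubled "that": `/* Abort if a config file whose base name starts with "." grants any group or other permission bits; files with other names, or that cannot be stat'ed, are not checked. */`. The check here and the later lineFileOpen() in parseConfigFile both go by path, so this guards against a mis-set mode rather than against a file replaced between the two calls. The body of checkConfigPerms continues past the end of this hunk.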
@@ -157,9 +160,9 @@
static void parseConfigFile(char *filename, int depth)
/* open and parse a config file */
{
-checkConfigPerms(filename, depth);
+checkConfigPerms(filename);
struct lineFile *lf = lineFileOpen(filename, TRUE);
char *line;
while(lineFileNext(lf, &line, NULL))
{