From 0d89626420649f801e5bdb58b62b392449047fba Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 10 Mar 2025 12:01:55 +0100
Subject: [PATCH] Don't run the permissions checks on non-Unix platforms

This is way too annoying on Windows systems.
---
 dnscrypt-proxy/common.go | 31 -------------------------
 dnscrypt-proxy/permcheck_others.go | 7 ++++++
 dnscrypt-proxy/permcheck_unix.go | 36 ++++++++++++++++++++++++++++++
 3 files changed, 43 insertions(+), 31 deletions(-)
 create mode 100644 dnscrypt-proxy/permcheck_others.go
 create mode 100644 dnscrypt-proxy/permcheck_unix.go

diff --git a/dnscrypt-proxy/common.go b/dnscrypt-proxy/common.go
index 647ccfac..54cac060 100644
--- a/dnscrypt-proxy/common.go
+++ b/dnscrypt-proxy/common.go
@@ -6,12 +6,9 @@ import (
 "errors"
 "net"
 "os"
- "path"
 "strconv"
 "strings"
 "unicode"
-
- "github.com/jedisct1/dlog"
 )
 
 type CryptoConstruction uint16
@@ -167,31 +164,3 @@ func ReadTextFile(filename string) (string, error) {
 }
 
 func isDigit(b byte) bool { return b >= '0' && b <= '9' }
-
-func maybeWritableByOtherUsers(p string) (bool, string, error) {
- p = path.Clean(p)
- for p != "/" && p != "." {
- st, err := os.Stat(p)
- if err != nil {
- return false, p, err
- }
- mode := st.Mode()
- if mode.Perm()&2 != 0 && !(st.IsDir() && mode&os.ModeSticky == os.ModeSticky) {
- return true, p, nil
- }
- p = path.Dir(p)
- }
- return false, "", nil
-}
-
-func WarnIfMaybeWritableByOtherUsers(p string) {
- if ok, px, err := maybeWritableByOtherUsers(p); ok {
- if px == p {
- dlog.Criticalf("[%s] is writable by other system users - If this is not intentional, it is recommended to fix the access permissions", p)
- } else {
- dlog.Warnf("[%s] can be modified by other system users because [%s] is writable by other users - If this is not intentional, it is recommended to fix the access permissions", p, px)
- }
- } else if err != nil {
- dlog.Warnf("Error while checking if [%s] is accessible: [%s] : [%s]", p, px, err)
- }
-}
diff --git a/dnscrypt-proxy/permcheck_others.go b/dnscrypt-proxy/permcheck_others.go
new file mode 100644
index 00000000..98d71642
--- /dev/null
+++ b/dnscrypt-proxy/permcheck_others.go
@@ -0,0 +1,7 @@
+//go:build !unix
+
+package main
+
+func WarnIfMaybeWritableByOtherUsers(p string) {
+ // No-op
+}
diff --git a/dnscrypt-proxy/permcheck_unix.go b/dnscrypt-proxy/permcheck_unix.go
new file mode 100644
index 00000000..89305a23
--- /dev/null
+++ b/dnscrypt-proxy/permcheck_unix.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+ "os"
+ "path"
+
+ "github.com/jedisct1/dlog"
+)
+
+func maybeWritableByOtherUsers(p string) (bool, string, error) {
+ p = path.Clean(p)
+ for p != "/" && p != "." {
+ st, err := os.Stat(p)
+ if err != nil {
+ return false, p, err
+ }
+ mode := st.Mode()
+ if mode.Perm()&2 != 0 && !(st.IsDir() && mode&os.ModeSticky == os.ModeSticky) {
+ return true, p, nil
+ }
+ p = path.Dir(p)
+ }
+ return false, "", nil
+}
+
+func WarnIfMaybeWritableByOtherUsers(p string) {
+ if ok, px, err := maybeWritableByOtherUsers(p); ok {
+ if px == p {
+ dlog.Criticalf("[%s] is writable by other system users - If this is not intentional, it is recommended to fix the access permissions", p)
+ } else {
+ dlog.Warnf("[%s] can be modified by other system users because [%s] is writable by other users - If this is not intentional, it is recommended to fix the access permissions", p, px)
+ }
+ } else if err != nil {
+ dlog.Warnf("Error while checking if [%s] is accessible: [%s] : [%s]", p, px, err)
+ }
+}
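Review bot: The stub `WarnIfMaybeWritableByOtherUsers` in permcheck_others.go has no doc comment, and `// No-op` does not tell a reader that the permission check is skipped entirely on these platforms. I would put the explanation on the function itself, e.g. `// WarnIfMaybeWritableByOtherUsers does nothing on non-Unix platforms: no permission check is performed and no warning is logged.` That makes it explicit that whatever paths callers pass in are not audited there, so their access control has to be reviewed by other means.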
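Review bot: permcheck_unix.go opens directly with `package main` and carries no build constraint, while permcheck_others.go is tagged `//go:build !unix`. The Go toolchain does not treat a `_unix.go` filename suffix as an implicit constraint (only the `unix` build tag is recognised), so this file is compiled on every platform and a non-Unix build would see `WarnIfMaybeWritableByOtherUsers` declared in both files. Add `//go:build unix` followed by a blank line above `package main` so the two files are mutually exclusive.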