Merge "Don't read /data/local.prop on user builds"

commit: abc12070d01cba3dbceb4250d180cebec8fc2afc [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Jan 18 15:41:47 2012 -0800
committer: Android (Google) Code Review <android-gerrit@google.com> Wed Jan 18 15:41:47 2012 -0800
tree: 2699ca059d95036e9f378bb0d44aa5912e972ab8
parent: 38f368c1b3bac76d342189b6412691a217421178 [diff]
parent: 0dbda7e1c5bcebc501b4943cd6483122297e1834 [diff]
diff --git a/init/util.c b/init/util.c
index 13c9ca2..cb00f84 100755
--- a/init/util.c
+++ b/init/util.c

@@ -129,11 +129,23 @@
     char *data;
     int sz;
     int fd;
+    struct stat sb;
 
     data = 0;
     fd = open(fn, O_RDONLY);
     if(fd < 0) return 0;
 
+    // for security reasons, disallow world-writable
+    // or group-writable files
+    if (fstat(fd, &sb) < 0) {
+        ERROR("fstat failed for '%s'\n", fn);
+        goto oops;
+    }
+    if ((sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
+        ERROR("skipping insecure file '%s'\n", fn);
+        goto oops;
+    }
+
     sz = lseek(fd, 0, SEEK_END);
     if(sz < 0) goto oops;
commit	abc12070d01cba3dbceb4250d180cebec8fc2afc	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Jan 18 15:41:47 2012 -0800
committer	Android (Google) Code Review <android-gerrit@google.com>	Wed Jan 18 15:41:47 2012 -0800
tree	2699ca059d95036e9f378bb0d44aa5912e972ab8
parent	38f368c1b3bac76d342189b6412691a217421178 [diff]
parent	0dbda7e1c5bcebc501b4943cd6483122297e1834 [diff]