Hardening: more restrictive permissions of created files and dirs

As top_talkers and alerts_db were created with root privileges, a chown may be required if the process is run with nobody -rw-r--r-- 1 root root 3.0K Oct 3 16:35 top_talkers.db Fixes #1486
2026-05-25 06:18:47 +00:00 · 2017-10-03 16:47:18 +02:00 · 2017-10-03 16:47:18 +02:00 · 4b2d6c8af6
commit 4b2d6c8af6
parent 124364c4a2
6 changed files with 29 additions and 86 deletions
--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
@ -211,15 +211,11 @@ NetworkInterface::NetworkInterface(const char *name,
  loadDumpPrefs();
  loadScalingFactorPrefs();

-  if(((statsManager  = new StatsManager(id, STATS_MANAGER_STORE_NAME)) == NULL)
-     || ((alertsManager = new AlertsManager(id, ALERTS_MANAGER_STORE_NAME)) == NULL))
-    throw "Not enough memory";
+  statsManager = NULL, alertsManager = NULL;

  if((host_pools = new HostPools(this)) == NULL)
    throw "Not enough memory";

-  alertLevel = alertsManager->getNumAlerts(true);
-
 #ifdef linux
  /*
    A bit aggressive but as people usually
@ -5205,6 +5201,8 @@ void NetworkInterface::allocateNetworkStats() {

  try {
    networkStats = new NetworkStats[numNetworks];
+    statsManager  = new StatsManager(id, STATS_MANAGER_STORE_NAME);
+    alertsManager = new AlertsManager(id, ALERTS_MANAGER_STORE_NAME);
  } catch(std::bad_alloc& ba) {
    static bool oom_warning_sent = false;

@ -5212,9 +5210,13 @@ void NetworkInterface::allocateNetworkStats() {
      ntop->getTrace()->traceEvent(TRACE_WARNING, "Not enough memory");
      oom_warning_sent = true;
    }
-
-    networkStats = NULL;
  }
+
+  if(alertsManager)
+    alertLevel = alertsManager->getNumAlerts(true);
+  else
+    alertLevel = 0;
+  
 }

 /* **************************************** */