On Wed Feb 18, 2026 at 02:03:22AM +0100, Christian Schulte wrote:
> Starting with revision 1.171 of parse.y [1], relayd config files may
> contain cleartext passwords. Although the example relayd.conf file
> is not group writeable or world read/writeable - preserved when copied
> to /etc - the parser does not check file permissions.
>
> $ ls -lah /etc/examples/relayd.conf
> -rw------- 1 root wheel 2.7K Feb 17 09:11 /etc/examples/relayd.conf
>
> The parser should call check_file_secrecy to give users a chance to
> notice they may be using unsecure file permissions. The following diff
> adds those checks.
>
> [1]
> <https://github.com/openbsd/src/commit/cf39ad791b5ef405f8d49ae32cced6e5cf55b8e7>
>
>
> Index: usr.sbin/relayd/parse.y
> ===================================================================
> RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
> diff -u -p -u -r1.258 parse.y
> --- usr.sbin/relayd/parse.y 28 Oct 2024 19:56:18 -0000 1.258
> +++ usr.sbin/relayd/parse.y 18 Feb 2026 00:54:51 -0000
> @@ -215,7 +215,7 @@ grammar : /* empty */
> include : INCLUDE STRING {
> struct file *nfile;
>
> - if ((nfile = pushfile($2, 0)) == NULL) {
> + if ((nfile = pushfile($2, 1)) == NULL) {
> yyerror("failed to include file %s", $2);
> free($2);
> YYERROR;
> @@ -2883,7 +2883,7 @@ parse_config(const char *filename, struc
>
> errors = 0;
>
> - if ((file = pushfile(filename, 0)) == NULL)
> + if ((file = pushfile(filename, 1)) == NULL)
> return (-1);
>
> topfile = file;
> @@ -2932,7 +2932,7 @@ load_config(const char *filename, struct
> proto = NULL;
> router = NULL;
>
> - if ((file = pushfile(filename, 0)) == NULL)
> + if ((file = pushfile(filename, 1)) == NULL)
> return (-1);
>
> topfile = file;
>
I come to the same conclusion. However, I would completely remove the
flag since it is no longer used. We should ALWAYS do check_file_secrecy.
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index fcdfb8e92e3..841f42a3775 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -70,7 +70,7 @@ static struct file {
int lineno;
int errors;
} *file, *topfile;
-struct file *pushfile(const char *, int);
+struct file *pushfile(const char *);
int popfile(void);
int check_file_secrecy(int, const char *);
int yyparse(void);
@@ -215,7 +215,7 @@ grammar : /* empty */
include : INCLUDE STRING {
struct file *nfile;
- if ((nfile = pushfile($2, 0)) == NULL) {
+ if ((nfile = pushfile($2)) == NULL) {
yyerror("failed to include file %s", $2);
free($2);
YYERROR;
@@ -2814,7 +2814,7 @@ check_file_secrecy(int fd, const char *fname)
}
struct file *
-pushfile(const char *name, int secret)
+pushfile(const char *name)
{
struct file *nfile;
@@ -2832,8 +2832,7 @@ pushfile(const char *name, int secret)
free(nfile->name);
free(nfile);
return (NULL);
- } else if (secret &&
- check_file_secrecy(fileno(nfile->stream), nfile->name)) {
+ } else if (check_file_secrecy(fileno(nfile->stream), nfile->name)) {
fclose(nfile->stream);
free(nfile->name);
free(nfile);
@@ -2883,7 +2882,7 @@ parse_config(const char *filename, struct relayd *x_conf)
errors = 0;
- if ((file = pushfile(filename, 0)) == NULL)
+ if ((file = pushfile(filename)) == NULL)
return (-1);
topfile = file;
@@ -2932,7 +2931,7 @@ load_config(const char *filename, struct relayd *x_conf)
proto = NULL;
router = NULL;
- if ((file = pushfile(filename, 0)) == NULL)
+ if ((file = pushfile(filename)) == NULL)
return (-1);
topfile = file;
