openpam_check_owner_perms.c (228809) | openpam_check_owner_perms.c (236099) |
---|---|
1/*- 2 * Copyright (c) 2011 Dag-Erling Sm��rgrav 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer 10 * in this position and unchanged. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. | 1/*- 2 * Copyright (c) 2011 Dag-Erling Sm��rgrav 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer 10 * in this position and unchanged. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. |
14 * 3. The name of the author may not be used to endorse or promote 15 * products derived from this software without specific prior written 16 * permission. |
|
14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 * | 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * |
27 * $Id: openpam_check_owner_perms.c 499 2011-11-22 11:51:50Z des $ | 30 * $Id: openpam_check_owner_perms.c 543 2012-03-31 22:11:34Z des $ |
28 */ 29 30#ifdef HAVE_CONFIG_H 31# include "config.h" 32#endif 33 34#include <sys/types.h> 35#include <sys/stat.h> --- 26 unchanged lines hidden (view full) --- 62 root = 0; 63 arbitrator = geteuid(); 64 if (fstat(fd, &sb) != 0) { 65 serrno = errno; 66 openpam_log(PAM_LOG_ERROR, "%s: %m", name); 67 errno = serrno; 68 return (-1); 69 } | 31 */ 32 33#ifdef HAVE_CONFIG_H 34# include "config.h" 35#endif 36 37#include <sys/types.h> 38#include <sys/stat.h> --- 26 unchanged lines hidden (view full) --- 65 root = 0; 66 arbitrator = geteuid(); 67 if (fstat(fd, &sb) != 0) { 68 serrno = errno; 69 openpam_log(PAM_LOG_ERROR, "%s: %m", name); 70 errno = serrno; 71 return (-1); 72 } |
73 if (!S_ISREG(sb.st_mode)) { 74 openpam_log(PAM_LOG_ERROR, 75 "%s: not a regular file", name); 76 errno = EINVAL; 77 return (-1); 78 } |
|
70 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 71 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 72 openpam_log(PAM_LOG_ERROR, 73 "%s: insecure ownership or permissions", name); 74 errno = EPERM; 75 return (-1); 76 } 77 return (0); 78} 79 80/* 81 * OpenPAM internal 82 * 83 * Verify that a file or directory and all components of the path leading 84 * up to it are owned by either root or the arbitrator and that they are 85 * not writable by group or other. 86 * | 79 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 80 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 81 openpam_log(PAM_LOG_ERROR, 82 "%s: insecure ownership or permissions", name); 83 errno = EPERM; 84 return (-1); 85 } 86 return (0); 87} 88 89/* 90 * OpenPAM internal 91 * 92 * Verify that a file or directory and all components of the path leading 93 * up to it are owned by either root or the arbitrator and that they are 94 * not writable by group or other. 95 * |
87 * Note that openpam_check_file_owner_perms() should be used instead if | 96 * Note that openpam_check_desc_owner_perms() should be used instead if |
88 * possible to avoid a race between the ownership / permission check and 89 * the actual open(). 90 */ 91 92int 93openpam_check_path_owner_perms(const char *path) 94{ 95 uid_t root, arbitrator; 96 char pathbuf[PATH_MAX]; 97 struct stat sb; | 97 * possible to avoid a race between the ownership / permission check and 98 * the actual open(). 99 */ 100 101int 102openpam_check_path_owner_perms(const char *path) 103{ 104 uid_t root, arbitrator; 105 char pathbuf[PATH_MAX]; 106 struct stat sb; |
98 int len, serrno; | 107 int len, serrno, tip; |
99 | 108 |
109 tip = 1; |
|
100 root = 0; 101 arbitrator = geteuid(); 102 if (realpath(path, pathbuf) == NULL) 103 return (-1); 104 len = strlen(pathbuf); 105 while (len > 0) { 106 if (stat(pathbuf, &sb) != 0) { 107 if (errno != ENOENT) { 108 serrno = errno; 109 openpam_log(PAM_LOG_ERROR, "%s: %m", pathbuf); 110 errno = serrno; 111 } 112 return (-1); 113 } | 110 root = 0; 111 arbitrator = geteuid(); 112 if (realpath(path, pathbuf) == NULL) 113 return (-1); 114 len = strlen(pathbuf); 115 while (len > 0) { 116 if (stat(pathbuf, &sb) != 0) { 117 if (errno != ENOENT) { 118 serrno = errno; 119 openpam_log(PAM_LOG_ERROR, "%s: %m", pathbuf); 120 errno = serrno; 121 } 122 return (-1); 123 } |
124 if (tip && !S_ISREG(sb.st_mode)) { 125 openpam_log(PAM_LOG_ERROR, 126 "%s: not a regular file", pathbuf); 127 errno = EINVAL; 128 return (-1); 129 } |
|
114 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 115 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 116 openpam_log(PAM_LOG_ERROR, 117 "%s: insecure ownership or permissions", pathbuf); 118 errno = EPERM; 119 return (-1); 120 } 121 while (--len > 0 && pathbuf[len] != '/') 122 pathbuf[len] = '\0'; | 130 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 131 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 132 openpam_log(PAM_LOG_ERROR, 133 "%s: insecure ownership or permissions", pathbuf); 134 errno = EPERM; 135 return (-1); 136 } 137 while (--len > 0 && pathbuf[len] != '/') 138 pathbuf[len] = '\0'; |
139 tip = 0; |
|
123 } 124 return (0); 125} 126 127/* 128 * NOPARSE 129 */ | 140 } 141 return (0); 142} 143 144/* 145 * NOPARSE 146 */ |