openpam_check_owner_perms.c (302408) | openpam_check_owner_perms.c (228690) |
---|---|
1/*- 2 * Copyright (c) 2011 Dag-Erling Sm��rgrav 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright | 1/*- 2 * Copyright (c) 2011 Dag-Erling Sm��rgrav 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer 10 * in this position and unchanged. |
10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. | 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. |
13 * 3. The name of the author may not be used to endorse or promote 14 * products derived from this software without specific prior written 15 * permission. | |
16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * | 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 * |
29 * $Id: openpam_check_owner_perms.c 648 2013-03-05 17:54:27Z des $ | 27 * $Id: openpam_check_owner_perms.c 499 2011-11-22 11:51:50Z des $ |
30 */ 31 32#ifdef HAVE_CONFIG_H 33# include "config.h" 34#endif 35 36#include <sys/types.h> 37#include <sys/stat.h> --- 26 unchanged lines hidden (view full) --- 64 root = 0; 65 arbitrator = geteuid(); 66 if (fstat(fd, &sb) != 0) { 67 serrno = errno; 68 openpam_log(PAM_LOG_ERROR, "%s: %m", name); 69 errno = serrno; 70 return (-1); 71 } | 28 */ 29 30#ifdef HAVE_CONFIG_H 31# include "config.h" 32#endif 33 34#include <sys/types.h> 35#include <sys/stat.h> --- 26 unchanged lines hidden (view full) --- 62 root = 0; 63 arbitrator = geteuid(); 64 if (fstat(fd, &sb) != 0) { 65 serrno = errno; 66 openpam_log(PAM_LOG_ERROR, "%s: %m", name); 67 errno = serrno; 68 return (-1); 69 } |
72 if (!S_ISREG(sb.st_mode)) { 73 openpam_log(PAM_LOG_ERROR, 74 "%s: not a regular file", name); 75 errno = EINVAL; 76 return (-1); 77 } | |
78 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 79 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 80 openpam_log(PAM_LOG_ERROR, 81 "%s: insecure ownership or permissions", name); 82 errno = EPERM; 83 return (-1); 84 } 85 return (0); 86} 87 88/* 89 * OpenPAM internal 90 * 91 * Verify that a file or directory and all components of the path leading 92 * up to it are owned by either root or the arbitrator and that they are 93 * not writable by group or other. 94 * | 70 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 71 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 72 openpam_log(PAM_LOG_ERROR, 73 "%s: insecure ownership or permissions", name); 74 errno = EPERM; 75 return (-1); 76 } 77 return (0); 78} 79 80/* 81 * OpenPAM internal 82 * 83 * Verify that a file or directory and all components of the path leading 84 * up to it are owned by either root or the arbitrator and that they are 85 * not writable by group or other. 86 * |
95 * Note that openpam_check_desc_owner_perms() should be used instead if | 87 * Note that openpam_check_file_owner_perms() should be used instead if |
96 * possible to avoid a race between the ownership / permission check and 97 * the actual open(). 98 */ 99 100int 101openpam_check_path_owner_perms(const char *path) 102{ 103 uid_t root, arbitrator; 104 char pathbuf[PATH_MAX]; 105 struct stat sb; | 88 * possible to avoid a race between the ownership / permission check and 89 * the actual open(). 90 */ 91 92int 93openpam_check_path_owner_perms(const char *path) 94{ 95 uid_t root, arbitrator; 96 char pathbuf[PATH_MAX]; 97 struct stat sb; |
106 int len, serrno, tip; | 98 int len, serrno; |
107 | 99 |
108 tip = 1; | |
109 root = 0; 110 arbitrator = geteuid(); 111 if (realpath(path, pathbuf) == NULL) 112 return (-1); 113 len = strlen(pathbuf); 114 while (len > 0) { 115 if (stat(pathbuf, &sb) != 0) { | 100 root = 0; 101 arbitrator = geteuid(); 102 if (realpath(path, pathbuf) == NULL) 103 return (-1); 104 len = strlen(pathbuf); 105 while (len > 0) { 106 if (stat(pathbuf, &sb) != 0) { |
116 if (errno != ENOENT) { 117 serrno = errno; 118 openpam_log(PAM_LOG_ERROR, "%s: %m", pathbuf); 119 errno = serrno; 120 } | 107 serrno = errno; 108 openpam_log(PAM_LOG_ERROR, "%s: %m", pathbuf); 109 errno = serrno; |
121 return (-1); 122 } | 110 return (-1); 111 } |
123 if (tip && !S_ISREG(sb.st_mode)) { 124 openpam_log(PAM_LOG_ERROR, 125 "%s: not a regular file", pathbuf); 126 errno = EINVAL; 127 return (-1); 128 } | |
129 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 130 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 131 openpam_log(PAM_LOG_ERROR, 132 "%s: insecure ownership or permissions", pathbuf); 133 errno = EPERM; 134 return (-1); 135 } 136 while (--len > 0 && pathbuf[len] != '/') 137 pathbuf[len] = '\0'; | 112 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 113 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 114 openpam_log(PAM_LOG_ERROR, 115 "%s: insecure ownership or permissions", pathbuf); 116 errno = EPERM; 117 return (-1); 118 } 119 while (--len > 0 && pathbuf[len] != '/') 120 pathbuf[len] = '\0'; |
138 tip = 0; | |
139 } 140 return (0); 141} 142 143/* 144 * NOPARSE 145 */ | 121 } 122 return (0); 123} 124 125/* 126 * NOPARSE 127 */ |
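Review bot: The block comment above openpam_check_path_owner_perms() still says it verifies "a file or directory", but on the 302408 side the added `if (tip && !S_ISREG(sb.st_mode))` check fails with EINVAL when the final path component is anything other than a regular file. The comment should state the contract the code now enforces, for example `* Verify that a regular file and all components of the path leading`, so that callers do not pass a directory expecting an ownership-only check. Separately, as far as the visible loop shows, `while (--len > 0 && pathbuf[len] != '/')` leaves len at 0 once only "/" remains, so the root directory itself is never passed to stat(). If that is intentional, a short comment such as `/* "/" itself is not checked */` would make it explicit. This applies to both revisions shown.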