_secure_path.c revision 25829
125670Sdavidn/*- 225670Sdavidn * Based on code copyright (c) 1995,1997 by 325670Sdavidn * Berkeley Software Design, Inc. 425670Sdavidn * All rights reserved. 525670Sdavidn * 625670Sdavidn * Redistribution and use in source and binary forms, with or without 725670Sdavidn * modification, is permitted provided that the following conditions 825670Sdavidn * are met: 925670Sdavidn * 1. Redistributions of source code must retain the above copyright 1025670Sdavidn * notice immediately at the beginning of the file, without modification, 1125670Sdavidn * this list of conditions, and the following disclaimer. 1225670Sdavidn * 2. Redistributions in binary form must reproduce the above copyright 1325670Sdavidn * notice, this list of conditions and the following disclaimer in the 1425670Sdavidn * documentation and/or other materials provided with the distribution. 1525670Sdavidn * 3. This work was done expressly for inclusion into FreeBSD. Other use 1625670Sdavidn * is permitted provided this notation is included. 1725670Sdavidn * 4. Absolutely no warranty of function or purpose is made by the authors. 1825670Sdavidn * 5. Modifications may be freely made to this file providing the above 1925670Sdavidn * conditions are met. 2025670Sdavidn * 2125829Sdavidn * $Id: _secure_path.c,v 1.1 1997/05/10 18:55:37 davidn Exp $ 2225670Sdavidn */ 2325670Sdavidn 2425670Sdavidn 2525670Sdavidn#include <sys/types.h> 2625670Sdavidn#include <sys/stat.h> 2725670Sdavidn#include <syslog.h> 2825670Sdavidn#include <errno.h> 2925670Sdavidn#include <libutil.h> 3025670Sdavidn 3125670Sdavidn/* 3225670Sdavidn * Check for common security problems on a given path 3325670Sdavidn * It must be: 3425670Sdavidn * 1. A regular file, and exists 3525670Sdavidn * 2. Owned and writaable only by root (or given owner) 3625670Sdavidn * 3. Group ownership is given group or is non-group writable 3725670Sdavidn * 3825670Sdavidn * Returns: -2 if file does not exist, 3925670Sdavidn * -1 if security test failure 4025670Sdavidn * 0 otherwise 4125670Sdavidn */ 4225670Sdavidn 4325670Sdavidnint 4425670Sdavidn_secure_path(const char *path, uid_t uid, gid_t gid) 4525670Sdavidn{ 4625670Sdavidn int r = -1; 4725670Sdavidn struct stat sb; 4825670Sdavidn const char *msg = NULL; 4925670Sdavidn 5025670Sdavidn if (lstat(path, &sb) < 0) { 5125670Sdavidn if (errno == ENOENT) /* special case */ 5225670Sdavidn r = -2; /* if it is just missing, skip the log entry */ 5325670Sdavidn else 5425670Sdavidn msg = "%s: cannot stat %s: %m"; 5525670Sdavidn } 5625670Sdavidn else if (!S_ISREG(sb.st_mode)) 5725670Sdavidn msg = "%s: %s is not a regular file"; 5825670Sdavidn else if (sb.st_mode & S_IWOTH) 5925670Sdavidn msg = "%s: %s is world writable"; 6025829Sdavidn else if (uid != -1 && sb.st_uid != uid && sb.st_uid != 0) { 6125670Sdavidn if (uid == 0) 6225670Sdavidn msg = "%s: %s is not owned by root"; 6325670Sdavidn else 6425670Sdavidn msg = "%s: %s is not owned by uid %d"; 6525670Sdavidn } else if (gid != -1 && sb.st_gid != gid && (sb.st_mode & S_IWGRP)) 6625670Sdavidn msg = "%s: %s is group writeable by non-authorised groups"; 6725670Sdavidn else 6825670Sdavidn r = 0; 6925670Sdavidn if (msg != NULL) 7025670Sdavidn syslog(LOG_ERR, msg, "_secure_path", path, uid); 7125670Sdavidn return r; 7225670Sdavidn} 73