1/*-
2 * Based on code copyright (c) 1995,1997 by
3 * Berkeley Software Design, Inc.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, is permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice immediately at the beginning of the file, without modification,
11 *    this list of conditions, and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 * 3. This work was done expressly for inclusion into FreeBSD.  Other use
16 *    is permitted provided this notation is included.
17 * 4. Absolutely no warranty of function or purpose is made by the authors.
18 * 5. Modifications may be freely made to this file providing the above
19 *    conditions are met.
20 */
21
22#include <sys/cdefs.h>
23__FBSDID("$FreeBSD: src/lib/libutil/_secure_path.c,v 1.9 2004/12/18 12:31:12 ru Exp $");
24
25#include <sys/types.h>
26#include <sys/stat.h>
27
28#include <errno.h>
29#include <libutil.h>
30#include <stddef.h>
31#include <syslog.h>
32
33/*
34 * Check for common security problems on a given path
35 * It must be:
36 * 1. A regular file, and exists
37 * 2. Owned and writable only by root (or given owner)
38 * 3. Group ownership is given group or is non-group writable
39 *
40 * Returns:	-2 if file does not exist,
41 *		-1 if security test failure
42 *		0  otherwise
43 */
44
45int
46_secure_path(const char *path, uid_t uid, gid_t gid)
47{
48    int		r = -1;
49    struct stat	sb;
50    const char	*msg = NULL;
51
52    if (lstat(path, &sb) < 0) {
53	if (errno == ENOENT) /* special case */
54	    r = -2;  /* if it is just missing, skip the log entry */
55	else
56	    msg = "%s: cannot stat %s: %m";
57    }
58    else if (!S_ISREG(sb.st_mode))
59    	msg = "%s: %s is not a regular file";
60    else if (sb.st_mode & S_IWOTH)
61    	msg = "%s: %s is world writable";
62    else if ((int)uid != -1 && sb.st_uid != uid && sb.st_uid != 0) {
63    	if (uid == 0)
64    		msg = "%s: %s is not owned by root";
65    	else
66    		msg = "%s: %s is not owned by uid %d";
67    } else if ((int)gid != -1 && sb.st_gid != gid && (sb.st_mode & S_IWGRP))
68    	msg = "%s: %s is group writeable by non-authorised groups";
69    else
70    	r = 0;
71    if (msg != NULL)
72	syslog(LOG_ERR, msg, "_secure_path", path, uid);
73    return r;
74}
75