]>
git.saurik.com Git - apple/libutil.git/blob - _secure_path.c
2 * Based on code copyright (c) 1995,1997 by
3 * Berkeley Software Design, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, is permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice immediately at the beginning of the file, without modification,
11 * this list of conditions, and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. This work was done expressly for inclusion into FreeBSD. Other use
16 * is permitted provided this notation is included.
17 * 4. Absolutely no warranty of function or purpose is made by the authors.
18 * 5. Modifications may be freely made to this file providing the above
22 #include <sys/cdefs.h>
24 #include <sys/types.h>
33 * Check for common security problems on a given path
35 * 1. A regular file, and exists
36 * 2. Owned and writable only by root (or given owner)
37 * 3. Group ownership is given group or is non-group writable
39 * Returns: -2 if file does not exist,
40 * -1 if security test failure
45 _secure_path(const char *path
, uid_t uid
, gid_t gid
)
49 const char *msg
= NULL
;
51 if (lstat(path
, &sb
) < 0) {
52 if (errno
== ENOENT
) /* special case */
53 r
= -2; /* if it is just missing, skip the log entry */
55 msg
= "%s: cannot stat %s: %m";
57 else if (!S_ISREG(sb
.st_mode
))
58 msg
= "%s: %s is not a regular file";
59 else if (sb
.st_mode
& S_IWOTH
)
60 msg
= "%s: %s is world writable";
61 else if ((int)uid
!= -1 && sb
.st_uid
!= uid
&& sb
.st_uid
!= 0) {
63 msg
= "%s: %s is not owned by root";
65 msg
= "%s: %s is not owned by uid %d";
66 } else if ((int)gid
!= -1 && sb
.st_gid
!= gid
&& (sb
.st_mode
& S_IWGRP
))
67 msg
= "%s: %s is group writeable by non-authorised groups";
71 syslog(LOG_ERR
, msg
, "_secure_path", path
, uid
);