/*
Copyright 2020, Dirk Krause. All rights reserved.
SPDX-License-Identifier: BSD-3-Clause
*/

#ifndef DK4FOPT_H_INCLUDED
#define DK4FOPT_H_INCLUDED 1

/** @file dk4fopt.h File open tests.
*/

#ifndef DK4CONF_H_INCLUDED
#if DK4_BUILDING_DKTOOLS4
#include "dk4conf.h"
#else
#include <dktools-4/dk4conf.h>
#endif
#endif

#ifndef DK4NUMCO_H_INCLUDED
#if DK4_BUILDING_DKTOOLS4
#include <libdk4base/dk4numco.h>
#else
#include <dktools-4/dk4numco.h>
#endif
#endif

/** Security checks for opening files.
    The four basic checks are distinct single bits, so they can be
    combined with bitwise OR; the USER, PRIVILEGED and ALL values
    below are such combinations.

    NOTE(review): the original summary here read "Skip one or more
    security checks", while every member is worded as a check that
    is enforced ("Deny ...", "Apply ..."). Confirm against the
    functions consuming these flags whether a set bit enables or
    skips a check; getting the polarity wrong silently disables
    the protection.

    NOTE(review): all checks are described in terms of the path.
    Whether they are carried out without a race against the
    actual open is decided by the implementation, not shown here.
*/
enum {
  /** Deny write operation if the path does
      not refer to a regular file.
  */
  DK4_FOPEN_SC_IS_REGULAR = 0x01,

  /** Deny write operation if any component of
      the path is a symbolic link.
      Ignored on Windows and on systems
      without symbolic links.
  */
  DK4_FOPEN_SC_WR_SYMLINK_IN_PATH = 0x02,

  /** Deny write operation if the complete path
      itself is a symbolic link.
      Ignored on Windows and on systems
      without symbolic links.
  */
  DK4_FOPEN_SC_WR_PATH_IS_SYMLINK = 0x04,

  /** Deny write operation if the path is a
      symbolic link whose owner differs from the
      owner of the link destination.
      Ignored on Windows, on systems without
      symbolic links and on systems where the
      st_uid member of the stat structure has
      no meaning.
  */
  DK4_FOPEN_SC_WR_SYMLINK_OWNER = 0x08,

  /** Checks recommended for non-privileged users:
      regular-file check plus symlink-owner check.
      The symlink-in-path and path-is-symlink
      checks are not part of this set.
  */
  DK4_FOPEN_SC_USER =
    (DK4_FOPEN_SC_IS_REGULAR | DK4_FOPEN_SC_WR_SYMLINK_OWNER),

  /** Checks recommended for privileged users:
      all four checks defined above.
  */
  DK4_FOPEN_SC_PRIVILEGED =
    (DK4_FOPEN_SC_IS_REGULAR
     | DK4_FOPEN_SC_WR_SYMLINK_IN_PATH
     | DK4_FOPEN_SC_WR_PATH_IS_SYMLINK
     | DK4_FOPEN_SC_WR_SYMLINK_OWNER),

  /** Apply all security checks (recommended if
      the process is running with administrative
      privileges).
      INT_MAX sets every value bit of an int, so
      this also covers bits not assigned to a
      check in this header.
      NOTE(review): INT_MAX is not defined here;
      presumably it arrives via dk4numco.h or
      limits.h - confirm.
  */
  DK4_FOPEN_SC_ALL = INT_MAX
};

#endif