1 /*- 2 * Based on code copyright (c) 1995,1997 by 3 * Berkeley Software Design, Inc. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, is permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice immediately at the beginning of the file, without modification, 11 * this list of conditions, and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. This work was done expressly for inclusion into FreeBSD. Other use 16 * is permitted provided this notation is included. 17 * 4. Absolutely no warranty of function or purpose is made by the authors. 18 * 5. Modifications may be freely made to this file providing the above 19 * conditions are met. 20 * 21 * $FreeBSD: src/lib/libutil/_secure_path.c,v 1.5 1999/08/28 00:05:42 peter Exp $ 22 * $DragonFly: src/lib/libutil/_secure_path.c,v 1.4 2008/10/29 22:03:12 swildner Exp $ 23 */ 24 25 26 #include <sys/types.h> 27 #include <sys/stat.h> 28 29 #include <errno.h> 30 #include <syslog.h> 31 32 #include "libutil.h" 33 34 /* 35 * Check for common security problems on a given path 36 * It must be: 37 * 1. A regular file, and exists 38 * 2. Owned and writaable only by root (or given owner) 39 * 3. Group ownership is given group or is non-group writable 40 * 41 * Returns: -2 if file does not exist, 42 * -1 if security test failure 43 * 0 otherwise 44 */ 45 46 int 47 _secure_path(const char *path, uid_t uid, gid_t gid) 48 { 49 int r = -1; 50 struct stat sb; 51 const char *msg = NULL; 52 53 if (lstat(path, &sb) < 0) { 54 if (errno == ENOENT) /* special case */ 55 r = -2; /* if it is just missing, skip the log entry */ 56 else 57 msg = "%s: cannot stat %s: %m"; 58 } 59 else if (!S_ISREG(sb.st_mode)) 60 msg = "%s: %s is not a regular file"; 61 else if (sb.st_mode & S_IWOTH) 62 msg = "%s: %s is world writable"; 63 else if ((int)uid != -1 && sb.st_uid != uid && sb.st_uid != 0) { 64 if (uid == 0) 65 msg = "%s: %s is not owned by root"; 66 else 67 msg = "%s: %s is not owned by uid %d"; 68 } else if ((int)gid != -1 && sb.st_gid != gid && (sb.st_mode & S_IWGRP)) 69 msg = "%s: %s is group writeable by non-authorised groups"; 70 else 71 r = 0; 72 if (msg != NULL) 73 syslog(LOG_ERR, msg, "_secure_path", path, uid); 74 return r; 75 } 76