xref: /dragonfly/lib/libutil/_secure_path.c (revision 36a3d1d6) 
1 /*-
2  * Based on code copyright (c) 1995,1997 by
3  * Berkeley Software Design, Inc.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, is permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice immediately at the beginning of the file, without modification,
11  *    this list of conditions, and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. This work was done expressly for inclusion into FreeBSD.  Other use
16  *    is permitted provided this notation is included.
17  * 4. Absolutely no warranty of function or purpose is made by the authors.
18  * 5. Modifications may be freely made to this file providing the above
19  *    conditions are met.
20  *
21  * $FreeBSD: src/lib/libutil/_secure_path.c,v 1.5 1999/08/28 00:05:42 peter Exp $
22  * $DragonFly: src/lib/libutil/_secure_path.c,v 1.4 2008/10/29 22:03:12 swildner Exp $
23  */
24 
25 
26 #include <sys/types.h>
27 #include <sys/stat.h>
28 
29 #include <errno.h>
30 #include <syslog.h>
31 
32 #include "libutil.h"
33 
34 /*
35  * Check for common security problems on a given path
36  * It must be:
37  * 1. A regular file, and exists
38  * 2. Owned and writaable only by root (or given owner)
39  * 3. Group ownership is given group or is non-group writable
40  *
41  * Returns:	-2 if file does not exist,
42  *		-1 if security test failure
43  *		0  otherwise
44  */
45 
46 int
47 _secure_path(const char *path, uid_t uid, gid_t gid)
48 {
49     int		r = -1;
50     struct stat	sb;
51     const char	*msg = NULL;
52 
53     if (lstat(path, &sb) < 0) {
54 	if (errno == ENOENT) /* special case */
55 	    r = -2;  /* if it is just missing, skip the log entry */
56 	else
57 	    msg = "%s: cannot stat %s: %m";
58     }
59     else if (!S_ISREG(sb.st_mode))
60     	msg = "%s: %s is not a regular file";
61     else if (sb.st_mode & S_IWOTH)
62     	msg = "%s: %s is world writable";
63     else if ((int)uid != -1 && sb.st_uid != uid && sb.st_uid != 0) {
64     	if (uid == 0)
65     		msg = "%s: %s is not owned by root";
66     	else
67     		msg = "%s: %s is not owned by uid %d";
68     } else if ((int)gid != -1 && sb.st_gid != gid && (sb.st_mode & S_IWGRP))
69     	msg = "%s: %s is group writeable by non-authorised groups";
70     else
71     	r = 0;
72     if (msg != NULL)
73 	syslog(LOG_ERR, msg, "_secure_path", path, uid);
74     return r;
75 }
76