MFC:
[dragonfly.git] / lib / libutil / _secure_path.c
blobb3fa1371c2134b90f3b6b5f9fd2e72d40bfa37a3
1 /*-
2 * Based on code copyright (c) 1995,1997 by
3 * Berkeley Software Design, Inc.
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, is permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice immediately at the beginning of the file, without modification,
11 * this list of conditions, and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. This work was done expressly for inclusion into FreeBSD. Other use
16 * is permitted provided this notation is included.
17 * 4. Absolutely no warranty of function or purpose is made by the authors.
18 * 5. Modifications may be freely made to this file providing the above
19 * conditions are met.
21 * $FreeBSD: src/lib/libutil/_secure_path.c,v 1.5 1999/08/28 00:05:42 peter Exp $
22 * $DragonFly: src/lib/libutil/_secure_path.c,v 1.3 2005/03/04 04:31:11 cpressey Exp $
26 #include <sys/types.h>
27 #include <sys/stat.h>
29 #include <errno.h>
30 #include <syslog.h>
32 #include "libutil.h"
35 * Check for common security problems on a given path
36 * It must be:
37 * 1. A regular file, and exists
38 * 2. Owned and writaable only by root (or given owner)
39 * 3. Group ownership is given group or is non-group writable
41 * Returns: -2 if file does not exist,
42 * -1 if security test failure
43 * 0 otherwise
46 int
47 _secure_path(const char *path, uid_t uid, gid_t gid)
49 int r = -1;
50 struct stat sb;
51 const char *msg = NULL;
53 if (lstat(path, &sb) < 0) {
54 if (errno == ENOENT) /* special case */
55 r = -2; /* if it is just missing, skip the log entry */
56 else
57 msg = "%s: cannot stat %s: %m";
59 else if (!S_ISREG(sb.st_mode))
60 msg = "%s: %s is not a regular file";
61 else if (sb.st_mode & S_IWOTH)
62 msg = "%s: %s is world writable";
63 else if (uid != -1 && sb.st_uid != uid && sb.st_uid != 0) {
64 if (uid == 0)
65 msg = "%s: %s is not owned by root";
66 else
67 msg = "%s: %s is not owned by uid %d";
68 } else if (gid != -1 && sb.st_gid != gid && (sb.st_mode & S_IWGRP))
69 msg = "%s: %s is group writeable by non-authorised groups";
70 else
71 r = 0;
72 if (msg != NULL)
73 syslog(LOG_ERR, msg, "_secure_path", path, uid);
74 return r;