.\" Copyright (c) 1997 David Nugent <[email protected]>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, is permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice immediately at the beginning of the file, without modification,
.\" this list of conditions, and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. This work was done expressly for inclusion into FreeBSD. Other use
.\" is permitted provided this notation is included.
.\" 4. Absolutely no warranty of function or purpose is made by the author
.\" David Nugent.
.\" 5. Modifications may be freely made to this file providing the above
.\" conditions are met.
.\"
.\" $FreeBSD$
.\"
.Dd May 10, 2020
.Dt _SECURE_PATH 3
.Os
.Sh NAME
.Nm _secure_path
.Nd determine if a file appears to be secure
.Sh LIBRARY
.Lb libutil
.Sh SYNOPSIS
.In sys/types.h
.In libutil.h
.Ft int
.Fn _secure_path "const char *path" "uid_t uid" "gid_t gid"
.Sh DESCRIPTION
This function does some basic security checking on a given path.
It is intended to be used by processes running with root privileges
in order to decide whether or not to trust the contents of a given
file.
It uses a method often used to detect system compromise.
.Pp
A file is considered
.Sq secure
if it meets the following conditions:
.Bl -enum
.It
The file exists, and is a regular file (not a symlink, device
special or named pipe, etc.),
.It
Is not world writable.
.It
Is owned by the given uid or uid 0, if uid is not -1,
.It
Is not group writable or it has group ownership by the given
gid, if gid is not -1.
.El
.Sh RETURN VALUES
This function returns zero if the file exists and may be
considered secure, -2 if the file does not exist, and
-1 otherwise to indicate a security failure.
The
.Xr syslog 3
function is used to log any failure of this function, including the
reason, at LOG_ERR priority.
.Sh SEE ALSO
.Xr lstat 2 ,
.Xr syslog 3
.Sh HISTORY
Code from which this function was derived was contributed to the
.Fx
project by Berkeley Software Design, Inc.
The function
.Fn _secure_path
first appeared in
.Fx 2.2.5 .
.Sh BUGS
The checks carried out are rudimentary and no attempt is made
to eliminate race conditions between use of this function and
access to the file referenced.