1*1eaf0ac3Slogwang /*-
2*1eaf0ac3Slogwang * Based on code copyright (c) 1995,1997 by
3*1eaf0ac3Slogwang * Berkeley Software Design, Inc.
4*1eaf0ac3Slogwang * All rights reserved.
5*1eaf0ac3Slogwang *
6*1eaf0ac3Slogwang * Redistribution and use in source and binary forms, with or without
7*1eaf0ac3Slogwang * modification, is permitted provided that the following conditions
8*1eaf0ac3Slogwang * are met:
9*1eaf0ac3Slogwang * 1. Redistributions of source code must retain the above copyright
10*1eaf0ac3Slogwang * notice immediately at the beginning of the file, without modification,
11*1eaf0ac3Slogwang * this list of conditions, and the following disclaimer.
12*1eaf0ac3Slogwang * 2. Redistributions in binary form must reproduce the above copyright
13*1eaf0ac3Slogwang * notice, this list of conditions and the following disclaimer in the
14*1eaf0ac3Slogwang * documentation and/or other materials provided with the distribution.
15*1eaf0ac3Slogwang * 3. This work was done expressly for inclusion into FreeBSD. Other use
16*1eaf0ac3Slogwang * is permitted provided this notation is included.
17*1eaf0ac3Slogwang * 4. Absolutely no warranty of function or purpose is made by the authors.
18*1eaf0ac3Slogwang * 5. Modifications may be freely made to this file providing the above
19*1eaf0ac3Slogwang * conditions are met.
20*1eaf0ac3Slogwang */
21*1eaf0ac3Slogwang
22*1eaf0ac3Slogwang #include <sys/cdefs.h>
23*1eaf0ac3Slogwang __FBSDID("$FreeBSD$");
24*1eaf0ac3Slogwang
25*1eaf0ac3Slogwang #include <sys/types.h>
26*1eaf0ac3Slogwang #include <sys/stat.h>
27*1eaf0ac3Slogwang
28*1eaf0ac3Slogwang #include <errno.h>
29*1eaf0ac3Slogwang #include <libutil.h>
30*1eaf0ac3Slogwang #include <stddef.h>
31*1eaf0ac3Slogwang #include <syslog.h>
32*1eaf0ac3Slogwang
33*1eaf0ac3Slogwang /*
34*1eaf0ac3Slogwang * Check for common security problems on a given path
35*1eaf0ac3Slogwang * It must be:
36*1eaf0ac3Slogwang * 1. A regular file, and exists
37*1eaf0ac3Slogwang * 2. Owned and writable only by root (or given owner)
38*1eaf0ac3Slogwang * 3. Group ownership is given group or is non-group writable
39*1eaf0ac3Slogwang *
40*1eaf0ac3Slogwang * Returns: -2 if file does not exist,
41*1eaf0ac3Slogwang * -1 if security test failure
42*1eaf0ac3Slogwang * 0 otherwise
43*1eaf0ac3Slogwang */
44*1eaf0ac3Slogwang
45*1eaf0ac3Slogwang int
_secure_path(const char * path,uid_t uid,gid_t gid)46*1eaf0ac3Slogwang _secure_path(const char *path, uid_t uid, gid_t gid)
47*1eaf0ac3Slogwang {
48*1eaf0ac3Slogwang int r = -1;
49*1eaf0ac3Slogwang struct stat sb;
50*1eaf0ac3Slogwang const char *msg = NULL;
51*1eaf0ac3Slogwang
52*1eaf0ac3Slogwang if (lstat(path, &sb) < 0) {
53*1eaf0ac3Slogwang if (errno == ENOENT) /* special case */
54*1eaf0ac3Slogwang r = -2; /* if it is just missing, skip the log entry */
55*1eaf0ac3Slogwang else
56*1eaf0ac3Slogwang msg = "%s: cannot stat %s: %m";
57*1eaf0ac3Slogwang }
58*1eaf0ac3Slogwang else if (!S_ISREG(sb.st_mode))
59*1eaf0ac3Slogwang msg = "%s: %s is not a regular file";
60*1eaf0ac3Slogwang else if (sb.st_mode & S_IWOTH)
61*1eaf0ac3Slogwang msg = "%s: %s is world writable";
62*1eaf0ac3Slogwang else if ((int)uid != -1 && sb.st_uid != uid && sb.st_uid != 0) {
63*1eaf0ac3Slogwang if (uid == 0)
64*1eaf0ac3Slogwang msg = "%s: %s is not owned by root";
65*1eaf0ac3Slogwang else
66*1eaf0ac3Slogwang msg = "%s: %s is not owned by uid %d";
67*1eaf0ac3Slogwang } else if ((int)gid != -1 && sb.st_gid != gid && (sb.st_mode & S_IWGRP))
68*1eaf0ac3Slogwang msg = "%s: %s is group writeable by non-authorised groups";
69*1eaf0ac3Slogwang else
70*1eaf0ac3Slogwang r = 0;
71*1eaf0ac3Slogwang if (msg != NULL)
72*1eaf0ac3Slogwang syslog(LOG_ERR, msg, "_secure_path", path, uid);
73*1eaf0ac3Slogwang return r;
74*1eaf0ac3Slogwang }
75