xref: /freebsd/lib/libutil/_secure_path.3 (revision 4cf49a43559ed9fdad601bdcccd2c55963008675) 
1.\" Copyright (c) 1997 David Nugent <davidn@blaze.net.au>
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, is permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice immediately at the beginning of the file, without modification,
9.\"    this list of conditions, and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\" 3. This work was done expressly for inclusion into FreeBSD.  Other use
14.\"    is permitted provided this notation is included.
15.\" 4. Absolutely no warranty of function or purpose is made by the author
16.\"    David Nugent.
17.\" 5. Modifications may be freely made to this file providing the above
18.\"    conditions are met.
19.\"
20.\" $FreeBSD$
21.\"
22.Dd May 2, 1997
23.Os FreeBSD
24.Dt _SECURE_PATH 3
25.Sh NAME
26.Nm _secure_path
27.Nd determine if a file appears to be secure
28.Sh SYNOPSIS
29.Fd #include <sys/types.h>
30.Fd #include <libutil.h>
31.Ft int
32.Fn _secure_path "const char *path" "uid_t uid" "gid_t gid"
33.Pp
34.Sh DESCRIPTION
35This function does some basic security checking on a given path.
36It is intended to be used by processes running with root privileges
37in order to decide whether or not to trust the contents of a given
38file.
39It uses a method often used to detect system compromise.
40.Pp
41A file is considered
42.Sq secure
43if it meets the following conditions:
44.Bl -enum
45.It
46The file exists, and is a regular file (not a symlink, device
47special or named pipe, etc.),
48.It
49Is not world writable.
50.It
51Is owned by the given uid or uid 0, if uid is not -1,
52.It
53Is not group wriable or it has group ownership by the given
54gid, if gid is not -1.
55.El
56.Sh RETURN VALUES
57This function returns zero if the file exists and may be
58considered secure, -2 if the file does not exist, and
59-1 otherwise to indicate a security failure.
60.Xr syslog 3
61is used to log any failure of this function, including the
62reason, at LOG_ERR priority.
63.Sh BUGS
64The checks carried out are rudimentary and no attempt is made
65to eliminate race conditions between use of this function and
66access to the file referenced.
67.Sh SEE ALSO
68.Xr lstat 2 ,
69.Xr syslog 3 .
70.Sh HISTORY
71Code from which this function was derived was contributed to the
72.Fx
73project by Berkeley Software Design, Inc.
74