1.\" Copyright (c) 1997 David Nugent <davidn@blaze.net.au> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, is permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice immediately at the beginning of the file, without modification, 9.\" this list of conditions, and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 3. This work was done expressly for inclusion into FreeBSD. Other use 14.\" is permitted provided this notation is included. 15.\" 4. Absolutely no warranty of function or purpose is made by the author 16.\" David Nugent. 17.\" 5. Modifications may be freely made to this file providing the above 18.\" conditions are met. 19.\" 20.\" $FreeBSD$ 21.\" 22.Dd May 2, 1997 23.Os FreeBSD 24.Dt _SECURE_PATH 3 25.Sh NAME 26.Nm _secure_path 27.Nd determine if a file appears to be secure 28.Sh SYNOPSIS 29.Fd #include <sys/types.h> 30.Fd #include <libutil.h> 31.Ft int 32.Fn _secure_path "const char *path" "uid_t uid" "gid_t gid" 33.Pp 34.Sh DESCRIPTION 35This function does some basic security checking on a given path. 36It is intended to be used by processes running with root privileges 37in order to decide whether or not to trust the contents of a given 38file. 39It uses a method often used to detect system compromise. 40.Pp 41A file is considered 'secure' if it meets the following conditions: 42.Bl -enum 43.It 44The file exists, and is a regular file (not a symlink, device 45special or named pipe, etc.), 46.It 47Is not world writable. 48.It 49Is owned by the given uid or uid 0, if uid is not -1, 50.It 51Is not group wriable or it has group ownership by the given 52gid, if gid is not -1. 53.El 54.Sh RETURN VALUES 55This function returns zero if the file exists and may be 56considered secure, -2 if the file does not exist, and 57-1 otherwise to indicate a security failure. 58.Xr syslog 3 , 59is used to log any failure of this function, including the 60reason, at LOG_ERR priority. 61.Sh BUGS 62The checks carried out are rudimentary and no attempt is made 63to eliminate race conditions between use of this function and 64access to the file referenced. 65.Sh SEE ALSO 66.Xr lstat 2 , 67.Xr syslog 3 . 68.Sh HISTORY 69Code from which this function was derived was contributed to the 70FreeBSD project by Berkeley Software Design, Inc. 71