xref: /freebsd/lib/libutil/_secure_path.3 (revision a8445737e740901f5f2c8d24c12ef7fc8b00134e) 
1.\" Copyright (c) 1997 David Nugent <davidn@blaze.net.au>
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, is permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice immediately at the beginning of the file, without modification,
9.\"    this list of conditions, and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\" 3. This work was done expressly for inclusion into FreeBSD.  Other use
14.\"    is permitted provided this notation is included.
15.\" 4. Absolutely no warranty of function or purpose is made by the author
16.\"    David Nugent.
17.\" 5. Modifications may be freely made to this file providing the above
18.\"    conditions are met.
19.\"
20.\" $Id: _secure_path.3,v 1.2 1997/05/15 06:06:32 davidn Exp $
21.\"
22.Dd May 2, 1997
23.Os FreeBSD
24.Dt _SECURE_PATH 3
25.Sh NAME
26.Nm _secure_path
27.Nd determine if a file appears to be secure
28.Sh SYNOPSIS
29.Fd #include <sys/types.h>
30.Fd #include <libutil.h>
31.Ft int
32.Fn _secure_path "const char *path" "uid_t uid" "gid_t gid"
33.Pp
34.Sh DESCRIPTION
35This function does some basic security checking on a given path.
36It is intended to be used by processes running with root privileges
37in order to decide whether or not to trust the contents of a given
38file.
39It uses a method often used to detect system compromise.
40.Pp
41A file is considered 'secure' if it meets the following conditions:
42.Bl -enum
43.It
44The file exists, and is a regular file (not a symlink, device
45special or named pipe, etc.),
46.It
47Is not world writable.
48.It
49Is owned by the given uid or uid 0, if uid is not -1,
50.It
51Is not group wriable or it has group ownership by the given
52gid, if gid is not -1.
53.El
54.Sh RETURN VALUES
55This function returns zero if the file exists and may be
56considered secure, -2 if the file does not exist, and
57-1 otherwise to indicate a security failure.
58.Xr syslog 3 ,
59is used to log any failure of this function, including the
60reason, at LOG_ERR priority.
61.Sh BUGS
62The checks carried out are rudimentary and no attempt is made
63to eliminate race conditions between use of this function and
64access to the file referenced.
65.Sh SEE ALSO
66.Xr lstat 3 ,
67.Xr syslog 3 .
68.Sh HISTORY
69Code from which this function was derived was contributed to the
70FreeBSD project by Berkeley Software Design, Inc.
71