xref: /freebsd/lib/libutil/_secure_path.3 (revision daf1cffce2e07931f27c6c6998652e90df6ba87e) 
1.\" Copyright (c) 1997 David Nugent <davidn@blaze.net.au>
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, is permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice immediately at the beginning of the file, without modification,
9.\"    this list of conditions, and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\" 3. This work was done expressly for inclusion into FreeBSD.  Other use
14.\"    is permitted provided this notation is included.
15.\" 4. Absolutely no warranty of function or purpose is made by the author
16.\"    David Nugent.
17.\" 5. Modifications may be freely made to this file providing the above
18.\"    conditions are met.
19.\"
20.\" $FreeBSD$
21.\"
22.Dd May 2, 1997
23.Os FreeBSD
24.Dt _SECURE_PATH 3
25.Sh NAME
26.Nm _secure_path
27.Nd determine if a file appears to be secure
28.Sh SYNOPSIS
29.Fd #include <sys/types.h>
30.Fd #include <libutil.h>
31.Ft int
32.Fn _secure_path "const char *path" "uid_t uid" "gid_t gid"
33.Pp
34Link with
35.Va -lutil
36on the
37.Xr cc 1
38command line.
39.Sh DESCRIPTION
40This function does some basic security checking on a given path.
41It is intended to be used by processes running with root privileges
42in order to decide whether or not to trust the contents of a given
43file.
44It uses a method often used to detect system compromise.
45.Pp
46A file is considered
47.Sq secure
48if it meets the following conditions:
49.Bl -enum
50.It
51The file exists, and is a regular file (not a symlink, device
52special or named pipe, etc.),
53.It
54Is not world writable.
55.It
56Is owned by the given uid or uid 0, if uid is not -1,
57.It
58Is not group wriable or it has group ownership by the given
59gid, if gid is not -1.
60.El
61.Sh RETURN VALUES
62This function returns zero if the file exists and may be
63considered secure, -2 if the file does not exist, and
64-1 otherwise to indicate a security failure.
65.Xr syslog 3
66is used to log any failure of this function, including the
67reason, at LOG_ERR priority.
68.Sh BUGS
69The checks carried out are rudimentary and no attempt is made
70to eliminate race conditions between use of this function and
71access to the file referenced.
72.Sh SEE ALSO
73.Xr lstat 2 ,
74.Xr syslog 3 .
75.Sh HISTORY
76Code from which this function was derived was contributed to the
77.Fx
78project by Berkeley Software Design, Inc.
79