diff options
Diffstat (limited to 'lib/libutil/_secure_path.3')
| -rw-r--r-- | lib/libutil/_secure_path.3 | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/lib/libutil/_secure_path.3 b/lib/libutil/_secure_path.3 new file mode 100644 index 0000000..e962669 --- /dev/null +++ b/lib/libutil/_secure_path.3 @@ -0,0 +1,73 @@ +.\" Copyright (c) 1997 David Nugent <davidn@blaze.net.au> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, is permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice immediately at the beginning of the file, without modification, +.\" this list of conditions, and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. This work was done expressly for inclusion into FreeBSD. Other use +.\" is permitted provided this notation is included. +.\" 4. Absolutely no warranty of function or purpose is made by the author +.\" David Nugent. +.\" 5. Modifications may be freely made to this file providing the above +.\" conditions are met. +.\" +.\" $FreeBSD$ +.\" +.Dd May 2, 1997 +.Os FreeBSD +.Dt _SECURE_PATH 3 +.Sh NAME +.Nm _secure_path +.Nd determine if a file appears to be secure +.Sh SYNOPSIS +.Fd #include <sys/types.h> +.Fd #include <libutil.h> +.Ft int +.Fn _secure_path "const char *path" "uid_t uid" "gid_t gid" +.Pp +.Sh DESCRIPTION +This function does some basic security checking on a given path. +It is intended to be used by processes running with root privileges +in order to decide whether or not to trust the contents of a given +file. +It uses a method often used to detect system compromise. +.Pp +A file is considered +.Sq secure +if it meets the following conditions: +.Bl -enum +.It +The file exists, and is a regular file (not a symlink, device +special or named pipe, etc.), +.It +Is not world writable. +.It +Is owned by the given uid or uid 0, if uid is not -1, +.It +Is not group wriable or it has group ownership by the given +gid, if gid is not -1. +.El +.Sh RETURN VALUES +This function returns zero if the file exists and may be +considered secure, -2 if the file does not exist, and +-1 otherwise to indicate a security failure. +.Xr syslog 3 +is used to log any failure of this function, including the +reason, at LOG_ERR priority. +.Sh BUGS +The checks carried out are rudimentary and no attempt is made +to eliminate race conditions between use of this function and +access to the file referenced. +.Sh SEE ALSO +.Xr lstat 2 , +.Xr syslog 3 . +.Sh HISTORY +Code from which this function was derived was contributed to the +.Fx +project by Berkeley Software Design, Inc. |
