Annotation of embedaddon/ipsec-tools/src/racoon/safefile.c, revision 1.1

1.1     ! misho       1: /*     $NetBSD: safefile.c,v 1.4 2006/09/09 16:22:10 manu Exp $        */
        !             2: 
        !             3: /*     $KAME: safefile.c,v 1.5 2001/03/05 19:54:06 thorpej Exp $       */
        !             4: 
        !             5: /*
        !             6:  * Copyright (C) 2000 WIDE Project.
        !             7:  * All rights reserved.
        !             8:  *
        !             9:  * Redistribution and use in source and binary forms, with or without
        !            10:  * modification, are permitted provided that the following conditions
        !            11:  * are met:
        !            12:  * 1. Redistributions of source code must retain the above copyright
        !            13:  *    notice, this list of conditions and the following disclaimer.
        !            14:  * 2. Redistributions in binary form must reproduce the above copyright
        !            15:  *    notice, this list of conditions and the following disclaimer in the
        !            16:  *    documentation and/or other materials provided with the distribution.
        !            17:  * 3. Neither the name of the project nor the names of its contributors
        !            18:  *    may be used to endorse or promote products derived from this software
        !            19:  *    without specific prior written permission.
        !            20:  *
        !            21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
        !            22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
        !            23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
        !            24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
        !            25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
        !            26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
        !            27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
        !            28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
        !            29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
        !            30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
        !            31:  * SUCH DAMAGE.
        !            32:  */
        !            33: 
        !            34: #include "config.h"
        !            35: 
        !            36: #include <sys/types.h>
        !            37: #include <sys/stat.h>
        !            38: #include <sys/socket.h>
        !            39: #include <netinet/in.h>
        !            40: #include <unistd.h>
        !            41: 
        !            42: #include "plog.h"
        !            43: #include "debug.h"
        !            44: #include "misc.h"
        !            45: #include "safefile.h"
        !            46: 
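/*
 * safefile -- check that a file is acceptable to load.
 *
 * path:   path name of the file to check.
 * secret: non-zero if the file holds secret material; it must then carry
 *         no group or other permission bits at all.
 *
 * Returns 0 when every check passes and -1 otherwise.  Each rejection is
 * logged through plog(), except a NULL path or a failing stat(), which
 * return -1 silently.
 *
 * Checks, in order:
 *   - the process is not running setuid (real uid == effective uid);
 *   - the file is owned by the running uid;
 *   - the file is a regular file;
 *   - if secret, no S_IRWXG or S_IRWXO bit is set.
 *
 * NOTE(review): the checks run against the path name with stat(), which
 * follows symbolic links, so the ownership and mode examined are those of
 * the link target.  The permissions of the directories leading to the file
 * are not examined here.
 *
 * NOTE(review): the result describes the file only at the moment of the
 * stat() call.  If the caller opens the path afterwards (not visible in
 * this function), the file could be replaced in between; opening first and
 * checking the descriptor with fstat() would close that window -- confirm
 * against the callers.
 */
int
safefile(const char *path, int secret)
{
	struct stat st;
	uid_t ruid;

	if (path == NULL)
		return -1;

	/* refuse to run setuid: real and effective uid must agree */
	ruid = getuid();
	if (ruid != geteuid()) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "setuid'ed execution not allowed\n");
		return -1;
	}

	if (stat(path, &st) != 0)
		return -1;

	/* the file must be owned by the running uid */
	if (st.st_uid != ruid) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "%s has invalid owner uid\n", path);
		return -1;
	}

	/* only regular files are accepted (no devices, FIFOs, sockets, ...) */
	if ((st.st_mode & S_IFMT) != S_IFREG) {
		/* mode_t width varies by platform; cast so it matches %x */
		plog(LLV_ERROR, LOCATION, NULL,
		    "%s is an invalid file type 0x%x\n", path,
		    (unsigned int)(st.st_mode & S_IFMT));
		return -1;
	}

	/* a secret file must grant nothing to group or others */
	if (secret && (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "%s has weak file permission\n", path);
		return -1;
	}

	return 0;
}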
