Annotation of embedaddon/ipsec-tools/src/racoon/safefile.c, revision 1.1.1.1
1.1 misho 1: /* $NetBSD: safefile.c,v 1.4 2006/09/09 16:22:10 manu Exp $ */
2:
3: /* $KAME: safefile.c,v 1.5 2001/03/05 19:54:06 thorpej Exp $ */
4:
5: /*
6: * Copyright (C) 2000 WIDE Project.
7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. Redistributions in binary form must reproduce the above copyright
15: * notice, this list of conditions and the following disclaimer in the
16: * documentation and/or other materials provided with the distribution.
17: * 3. Neither the name of the project nor the names of its contributors
18: * may be used to endorse or promote products derived from this software
19: * without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: * SUCH DAMAGE.
32: */
33:
34: #include "config.h"
35:
36: #include <sys/types.h>
37: #include <sys/stat.h>
38: #include <sys/socket.h>
39: #include <netinet/in.h>
40: #include <unistd.h>
41:
42: #include "plog.h"
43: #include "debug.h"
44: #include "misc.h"
45: #include "safefile.h"
46:
47: int
48: safefile(path, secret)
49: const char *path;
50: int secret;
51: {
52: struct stat s;
53: uid_t me;
54:
55: /* no setuid */
56: if (getuid() != geteuid()) {
57: plog(LLV_ERROR, LOCATION, NULL,
58: "setuid'ed execution not allowed\n");
59: return -1;
60: }
61:
62: if (stat(path, &s) != 0)
63: return -1;
64:
65: /* the file must be owned by the running uid */
66: me = getuid();
67: if (s.st_uid != me) {
68: plog(LLV_ERROR, LOCATION, NULL,
69: "%s has invalid owner uid\n", path);
70: return -1;
71: }
72:
73: switch (s.st_mode & S_IFMT) {
74: case S_IFREG:
75: break;
76: default:
77: plog(LLV_ERROR, LOCATION, NULL,
78: "%s is an invalid file type 0x%x\n", path,
79: (s.st_mode & S_IFMT));
80: return -1;
81: }
82:
83: /* secret file should not be read by others */
84: if (secret) {
85: if ((s.st_mode & S_IRWXG) != 0 || (s.st_mode & S_IRWXO) != 0) {
86: plog(LLV_ERROR, LOCATION, NULL,
87: "%s has weak file permission\n", path);
88: return -1;
89: }
90: }
91:
92: return 0;
93: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to safefile.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon