Annotation of embedaddon/sudo/common/secure_path.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 2012 Todd C. Miller <Todd.Miller@courtesan.com>
! 3: *
! 4: * Permission to use, copy, modify, and distribute this software for any
! 5: * purpose with or without fee is hereby granted, provided that the above
! 6: * copyright notice and this permission notice appear in all copies.
! 7: *
! 8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 15: */
! 16:
! 17: #include <config.h>
! 18:
! 19: #include <sys/types.h>
! 20: #include <sys/stat.h>
! 21: #include <sys/param.h>
! 22: #include <stdio.h>
! 23: #ifdef HAVE_STRING_H
! 24: # include <string.h>
! 25: #endif /* HAVE_STRING_H */
! 26: #ifdef HAVE_STRINGS_H
! 27: # include <strings.h>
! 28: #endif /* HAVE_STRINGS_H */
! 29: #ifdef HAVE_UNISTD_H
! 30: # include <unistd.h>
! 31: #endif /* HAVE_UNISTD_H */
! 32: #include <errno.h>
! 33:
! 34: #include "missing.h"
! 35: #include "sudo_debug.h"
! 36: #include "secure_path.h"
! 37:
! 38: /*
! 39: * Verify that path is the right type and not writable by other users.
! 40: */
! 41: int
! 42: sudo_secure_path(const char *path, int type, uid_t uid, gid_t gid, struct stat *sbp)
! 43: {
! 44: struct stat sb;
! 45: int rval = SUDO_PATH_MISSING;
! 46: debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL)
! 47:
! 48: if (path != NULL && stat_sudoers(path, &sb) == 0) {
! 49: if ((sb.st_mode & _S_IFMT) != type) {
! 50: rval = SUDO_PATH_BAD_TYPE;
! 51: } else if (uid != (uid_t)-1 && sb.st_uid != uid) {
! 52: rval = SUDO_PATH_WRONG_OWNER;
! 53: } else if (sb.st_mode & S_IWOTH) {
! 54: rval = SUDO_PATH_WORLD_WRITABLE;
! 55: } else if (ISSET(sb.st_mode, S_IWGRP) &&
! 56: (gid == (gid_t)-1 || sb.st_gid != gid)) {
! 57: rval = SUDO_PATH_GROUP_WRITABLE;
! 58: } else {
! 59: rval = SUDO_PATH_SECURE;
! 60: }
! 61: if (sbp)
! 62: (void) memcpy(sbp, &sb, sizeof(struct stat));
! 63: }
! 64:
! 65: debug_return_int(rval);
! 66: }
! 67:
! 68: /*
! 69: * Verify that path is a regular file and not writable by other users.
! 70: */
! 71: int
! 72: sudo_secure_file(const char *path, uid_t uid, gid_t gid, struct stat *sbp)
! 73: {
! 74: return sudo_secure_path(path, _S_IFREG, uid, gid, sbp);
! 75: }
! 76:
! 77: /*
! 78: * Verify that path is a directory and not writable by other users.
! 79: */
! 80: int
! 81: sudo_secure_dir(const char *path, uid_t uid, gid_t gid, struct stat *sbp)
! 82: {
! 83: return sudo_secure_path(path, _S_IFDIR, uid, gid, sbp);
! 84: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>