2 * Copyright (c) 2011 Dag-Erling Smørgrav
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer
10 * in this position and unchanged.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * $Id: openpam_check_owner_perms.c 499 2011-11-22 11:51:50Z des $
34 #include <sys/types.h>
43 #include <security/pam_appl.h>
45 #include "openpam_impl.h"
50 * Verify that the file or directory referenced by the given descriptor is
51 * owned by either root or the arbitrator and that it is not writable by group or other.
/*
 * Checks the owner and mode bits of the object behind fd.  In the lines
 * shown here, name is used only as a label in log messages.
 */
56 openpam_check_desc_owner_perms(const char *name, int fd)
58 uid_t root, arbitrator;
/* The effective uid of the calling process is the second accepted owner. */
63 arbitrator = geteuid();
/*
 * fstat() reports on the object the descriptor already refers to, so no
 * path is resolved again between this check and later use of fd.
 */
64 if (fstat(fd, &sb) != 0) {
/* NOTE(review): %m presumably expands to the errno text; that depends on openpam_log, which is not shown here. */
66 openpam_log(PAM_LOG_ERROR, "%s: %m", name);
/*
 * Reject when the owner is neither root nor the arbitrator, or when the
 * group-write or other-write bit is set.  Only st_uid and st_mode are
 * examined in the visible lines.
 * NOTE(review): file type and ACLs are not checked in the lines shown;
 * confirm whether the omitted lines or the callers cover them.
 */
70 if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
71 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
72 openpam_log(PAM_LOG_ERROR,
73 "%s: insecure ownership or permissions", name);
83 * Verify that a file or directory and all components of the path leading
84 * up to it are owned by either root or the arbitrator and that they are
85 * not writable by group or other.
87 * Note that openpam_check_file_owner_perms() should be used instead if
88 * possible to avoid a race between the ownership / permission check and
93 openpam_check_path_owner_perms(const char *path)
95 uid_t root, arbitrator;
96 char pathbuf[PATH_MAX];
101 arbitrator = geteuid();
102 if (realpath(path, pathbuf) == NULL)
104 len = strlen(pathbuf);
106 if (stat(pathbuf, &sb) != 0) {
107 if (errno != ENOENT) {
109 openpam_log(PAM_LOG_ERROR, "%s: %m", pathbuf);
114 if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
115 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
116 openpam_log(PAM_LOG_ERROR,
117 "%s: insecure ownership or permissions", pathbuf);
121 while (--len > 0 && pathbuf[len] != '/')