3 * $Id: path.c,v 1.1 1999/04/06 20:12:07 mdw Exp $
5 * Check a path for safety
7 * (c) 1999 Mark Wooding
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of chkpath.
14 * chkpath is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * chkpath is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with chkpath; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.1 1999/04/06 20:12:07 mdw
37 /*----- Header files ------------------------------------------------------*/
45 #include <sys/types.h>
52 #include <mLib/alloc.h>
53 #include <mLib/dstr.h>
57 /*----- Data structures ---------------------------------------------------*/
59 /* --- An item in the directory list --- *
61 * Each directory becomes an element on a list which is manipulated in a
66 struct elt
*e_link
; /* Pointer to the next one along */
67 size_t e_offset
; /* Offset of name in path string */
68 unsigned e_flags
; /* Various useful flags */
69 char e_name
[1]; /* Name of the directory */
73 f_sticky
= 1 /* Directory has sticky bit set */
77 f_last
= 1 /* This is the final item to check */
80 /*----- Static variables --------------------------------------------------*/
82 static struct elt rootnode
= { 0, 0, 0 }; /* Root of the list */
83 static struct elt
*sp
; /* Stack pointer for list */
84 static dstr d
; /* Current path string */
86 /*----- Main code ---------------------------------------------------------*/
88 /* --- @splitpath@ --- *
90 * Arguments: @const char *path@ = path string to break apart
91 * @struct elt *tail@ = tail block to attach to end of list
93 * Returns: Pointer to the new list head.
95 * Use: Breaks a path string into directories and adds each one
96 * as a node on the list, in the right order. These can then
97 * be pushed onto the directory stack as required.
100 static struct elt
*splitpath(const char *path
, struct elt
*tail
)
102 struct elt
*head
, **ee
= &head
, *e
;
107 /* --- Either a leading `/', or a doubled one --- *
109 * Either way, ignore it.
117 /* --- Skip to the next directory separator --- *
119 * Build a list element for it, and link it on.
122 n
= strcspn(path
, "/");
123 e
= xmalloc(sizeof(struct elt
) + n
+ 1);
124 memcpy(e
->e_name
, path
, n
);
144 * Use: Removes the top item from the directory stack.
147 static void pop(void)
150 struct elt
*e
= sp
->e_link
;
151 d
.len
= sp
->e_offset
;
157 /* --- @popall@ --- *
163 * Use: Removes all the items from the directory stack.
166 static void popall(void)
174 * Arguments: @struct elt *e@ = pointer to directory element
178 * Use: Pushes a new subdirectory onto the stack.
181 static void push(struct elt
*e
)
186 DPUTS(&d
, e
->e_name
);
190 /* --- @report@ --- *
192 * Arguments: @struct chkpath *cp@ = pointer to context
193 * @int what@ = what sort of report is this?
194 * @int verbose@ = how verbose is this?
195 * @const char *p@ = what path does it refer to?
196 * @const char *msg@ = the message to give to the user
200 * Use: Formats and presents messages to the client.
203 static void report(struct chkpath
*cp
, int what
, int verbose
,
204 const char *p
, const char *msg
, ...)
206 /* --- Decide whether to bin this message --- */
208 if (!cp
->cp_report
|| verbose
> cp
->cp_verbose
|| !(cp
->cp_what
& what
))
211 /* --- Format the message nicely --- */
213 if (cp
->cp_what
& CP_REPORT
) {
225 dstr_putf(&d
, "Path: %s: ", p
);
231 dstr_puts(&d
, strerror(e
));
234 uid_t u
= (uid_t
)va_arg(ap
, int);
235 struct passwd
*pw
= getpwuid(u
);
237 dstr_putf(&d
, "`%s'", pw
->pw_name
);
239 dstr_putf(&d
, "%i", (int)u
);
242 gid_t g
= (gid_t
)va_arg(ap
, int);
243 struct group
*gr
= getgrgid(g
);
245 dstr_putf(&d
, "`%s'", gr
->gr_name
);
247 dstr_putf(&d
, "%i", (int)g
);
250 const char *s
= va_arg(ap
, const char *);
271 cp
->cp_report(what
, verbose
, p
, d
.buf
, cp
->cp_arg
);
275 cp
->cp_report(what
, verbose
, p
, 0, cp
->cp_arg
);
278 /* --- @sanity@ --- *
280 * Arguments: @const char *p@ = name of directory to check
281 * @struct stat *st@ = pointer to @stat@(2) block for it
282 * @struct chkpath *cp@ = pointer to caller parameters
283 * @unsigned f@ = various flags
285 * Returns: Zero if everything's OK, else bitmask of problems.
287 * Use: Performs the main load of sanity-checking on a directory.
290 static int sanity(const char *p
, struct stat
*st
,
291 struct chkpath
*cp
, unsigned f
)
294 int sticky
= (cp
->cp_what
& CP_STICKYOK
) || !(f
& f_last
) ?
01000 : 0;
296 /* --- Check for world-writability --- */
298 if ((cp
->cp_what
& CP_WRWORLD
) &&
299 (st
->st_mode
& (0002 | sticky
)) == 0002) {
301 report(cp
, CP_WRWORLD
, 1, p
, "** world writable **");
304 /* --- Check for group-writability --- */
306 if ((cp
->cp_what
& (CP_WRGRP
| CP_WROTHGRP
)) &&
307 (st
->st_mode
& (0020 | sticky
)) == 0020) {
308 if (cp
->cp_what
& CP_WRGRP
) {
310 report(cp
, CP_WRGRP
, 1, p
, "writable by group %g", st
->st_gid
);
313 for (i
= 0; i
< cp
->cp_gids
; i
++) {
314 if (st
->st_gid
== cp
->cp_gid
[i
])
318 report(cp
, CP_WROTHGRP
, 1, p
, "writable by group %g", st
->st_gid
);
323 /* --- Check for user-writability --- */
325 if ((cp
->cp_what
& CP_WROTHUSR
) &&
326 st
->st_uid
!= cp
->cp_uid
&&
329 report(cp
, CP_WROTHUSR
, 1, p
, "owner is user %u", st
->st_uid
);
332 /* --- Done sanity check --- */
337 /* --- @path_check@ --- *
339 * Arguments: @const char *p@ = directory name which needs checking
340 * @struct chkpath *cp@ = caller parameters for the check
342 * Returns: Zero if all is well, otherwise bitmask of problems.
344 * Use: Scrutinises a directory path to see what evil things other
345 * users could do to it.
348 int path_check(const char *p
, struct chkpath
*cp
)
355 /* --- Initialise stack pointer and path string --- */
360 /* --- Try to find the current directory --- */
362 if (!getcwd(cwd
, sizeof(cwd
))) {
363 report(cp
, CP_ERROR
, 0, 0, "can't find current directory: %e");
367 /* --- Check that the root directory is OK --- */
369 if (stat("/", &st
)) {
370 report(cp
, CP_ERROR
, 0, 0, "can't stat root directory: %e");
374 report(cp
, CP_REPORT
, 3, p
, "begin scan");
375 bad
|= sanity("/", &st
, cp
, 0);
377 /* --- Get the initial list of things to process --- */
379 ee
= splitpath(p
, 0);
381 ee
= splitpath(cwd
, ee
);
383 /* --- While there are list items which still need doing --- */
388 /* --- Strip off simple `.' elements --- */
390 if (strcmp(ee
->e_name
, ".") == 0) {
396 /* --- Backtrack on `..' elements --- */
398 else if (strcmp(ee
->e_name
, "..") == 0) {
405 /* --- Everything else gets pushed on the end --- */
410 /* --- Find out what sort of a thing this is --- */
412 if (lstat(d
.buf
, &st
)) {
413 report(cp
, CP_ERROR
, 0, d
.buf
, "can't stat: %e");
418 /* --- Handle symbolic links specially --- */
420 if (S_ISLNK(st
.st_mode
)) {
424 /* --- Resolve the link --- */
426 if ((i
= readlink(d
.buf
, buf
, sizeof(buf
))) < 0) {
427 report(cp
, CP_ERROR
, 0, d
.buf
, "can't readlink: %e");
432 report(cp
, CP_SYMLINK
, 2, d
.buf
, "symlink -> `%s'", buf
);
434 /* --- Handle sticky parents --- *
436 * If I make a symlink in a sticky directory, I can later modify it.
437 * However, nobody else can (except the owner of the directory, and
438 * we'll already have noticed that if we care).
441 if ((cp
->cp_what
& CP_WROTHUSR
) &&
442 (sp
->e_link
->e_flags
& f_sticky
) &&
443 st
.st_uid
!= cp
->cp_uid
&& st
.st_uid
!= 0) {
445 report(cp
, CP_WROTHUSR
, 1, d
.buf
,
446 "symlink modifiable by user %u", st
.st_uid
);
449 /* --- Sort out what to do from here --- */
455 ee
= splitpath(buf
, ee
);
459 /* --- Run the sanity check on this path element --- */
461 bad
|= sanity(d
.buf
, &st
, cp
, ee ?
0 : f_last
);
463 if (S_ISDIR(st
.st_mode
)) {
464 if (st
.st_mode
& 01000)
465 sp
->e_flags
|= f_sticky
;
466 report(cp
, CP_REPORT
, 4, d
.buf
, "directory");
470 /* --- Something else I don't understand --- */
475 /* --- Check for leftover junk --- */
478 if (!(bad
& CP_ERROR
))
479 report(cp
, CP_ERROR
, 0, 0, "junk left over after reaching leaf");
491 /* --- @path_setids@ --- *
493 * Arguments: @struct chkpath *cp@ = pointer to block to fill in
495 * Returns: Zero if OK, else @-1@.
497 * Use: Fills in the user ids and things in the structure.
500 void path_setids(struct chkpath
*cp
)
505 cp
->cp_uid
= getuid();
506 n
= getgroups(sizeof(cp
->cp_gid
) / sizeof(cp
->cp_gid
[0]), cp
->cp_gid
);
508 for (i
= 0; i
< n
; i
++) {
509 if (cp
->cp_gid
[i
] == g
)
517 /*----- That's all, folks -------------------------------------------------*/