:man| Alphabetical   Categories   About us 
 
_SECURE_PATH (3) | C library functions | Unix Manual Pages | :man

NAME

_secure_path - determine if a file appears to be secure

CONTENTS

Library
Synopsis
Description
Return Values
See Also
History
Bugs

LIBRARY


.Lb libutil

SYNOPSIS


.In sys/types.h
.In libutil.h int _secure_path "const char *path" "uid_t uid" "gid_t gid"

DESCRIPTION

This function does some basic security checking on a given path. It is intended to be used by processes running with root privileges in order to decide whether or not to trust the contents of a given file. It uses a method often used to detect system compromise.

A file is considered 'secure' if it meets the following conditions:

  1. The file exists, and is a regular file (not a symlink, device special or named pipe, etc.),
  2. Is not world writable.
  3. Is owned by the given uid or uid 0, if uid is not -1,
  4. Is not group writable or it has group ownership by the given gid, if gid is not -1.

RETURN VALUES

This function returns zero if the file exists and may be considered secure, -2 if the file does not exist, and -1 otherwise to indicate a security failure. The syslog(3) function is used to log any failure of this function, including the reason, at LOG_ERR priority.

SEE ALSO

lstat(2), syslog(3)

HISTORY

BUGS


Share this page

     Follow us

Facebook Twitter Google+ LinkedIn


 
Created by Blin Media, 2008-2013