_SECURE_PATH (3) | C library functions | Unix Manual Pages



_SECURE_PATH (3) \| C library functions \| Unix Manual Pages \| :man▋ NAME _secure_path - determine if a file appears to be secure CONTENTS Library Synopsis Description Return Values See Also History Bugs LIBRARY .Lb libutil SYNOPSIS .In sys/types.h .In libutil.h int `_secure_path "const char path" "uid_t uid" "gid_t gid"` DESCRIPTION This function does some basic security checking on a given path. It is intended to be used by processes running with root privileges in order to decide whether or not to trust the contents of a given file. It uses a method often used to detect system compromise. A file is considered 'secure' if it meets the following conditions: The file exists, and is a regular file (not a symlink, device special or named pipe, etc.), Is not world writable. Is owned by the given uid or uid 0, if uid is not -1, Is not group writable or it has group ownership by the given gid, if gid is not -1. RETURN VALUES This function returns zero if the file exists and may be considered secure, -2 if the file does not exist, and -1 otherwise to indicate a security failure. The syslog(3) function is used to log any failure of this function, including the reason, at LOG_ERR priority. SEE ALSO lstat(2), syslog*(3) HISTORY BUGS

Created by Blin Media, 2008-2013