Query: _secure_path
OS: freebsd
Section: 3
Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar
_SECURE_PATH(3) BSD Library Functions Manual _SECURE_PATH(3)NAME_secure_path -- determine if a file appears to be secureLIBRARYSystem Utilities Library (libutil, -lutil)SYNOPSIS#include <sys/types.h> #include <libutil.h> int _secure_path(const char *path, uid_t uid, gid_t gid);DESCRIPTIONThis function does some basic security checking on a given path. It is intended to be used by processes running with root privileges in order to decide whether or not to trust the contents of a given file. It uses a method often used to detect system compromise. A file is considered 'secure' if it meets the following conditions: 1. The file exists, and is a regular file (not a symlink, device special or named pipe, etc.), 2. Is not world writable. 3. Is owned by the given uid or uid 0, if uid is not -1, 4. Is not group writable or it has group ownership by the given gid, if gid is not -1.RETURN VALUESThis function returns zero if the file exists and may be considered secure, -2 if the file does not exist, and -1 otherwise to indicate a security failure. The syslog(3) function is used to log any failure of this function, including the reason, at LOG_ERR priority.SEE ALSOlstat(2), syslog(3)HISTORYCode from which this function was derived was contributed to the FreeBSD project by Berkeley Software Design, Inc.BUGSThe checks carried out are rudimentary and no attempt is made to eliminate race conditions between use of this function and access to the file referenced.BSDMay 2, 1997 BSD
| Related Man Pages |
|---|
| pwcache_groupdb(3) - netbsd |
| group_from_gid(3) - osx |
| pwcache(3) - osx |
| _secure_path(3) - freebsd |
| pwcache(3) - freebsd |
| Similar Topics in the Unix Linux Community |
|---|
| checking uid |
| choosing secure and stable OS |
| Numeric uid and gid in ls -l command |
| Canonical Design Blog: Design museum exhibition London |
| /var/log/secure* mysteriously empty! |