![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to access.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [MW Coherent from dump] / coherent / g / usr / lib / uucp / tay104 / unix|
Return to access.c CVS log | Up to [MW Coherent from dump] / coherent / g / usr / lib / uucp / tay104 / unix |
1.1 ! root 1: /* access.c ! 2: Check access to files by the user and by the daemon. */ ! 3: ! 4: #include "uucp.h" ! 5: ! 6: #include "uudefs.h" ! 7: #include "sysdep.h" ! 8: #include "system.h" ! 9: ! 10: #include <errno.h> ! 11: ! 12: /* See if the user has access to a file, to prevent the setuid uucp ! 13: and uux programs handing out unauthorized access. */ ! 14: ! 15: boolean ! 16: fsysdep_access (zfile) ! 17: const char *zfile; ! 18: { ! 19: if (access (zfile, R_OK) == 0) ! 20: return TRUE; ! 21: ulog (LOG_ERROR, "%s: %s", zfile, strerror (errno)); ! 22: return FALSE; ! 23: } ! 24: ! 25: /* See if the daemon has access to a file. This is called if a file ! 26: is not being transferred to the spool directory, since if the ! 27: daemon does not have access the later transfer will fail. We ! 28: assume that the daemon will have the same euid (or egid) as the one ! 29: we are running under. If our uid (gid) and euid (egid) are the ! 30: same, we assume that we have access. Note that is not important ! 31: for security, since the check will be (implicitly) done again when ! 32: the daemon tries to transfer the file. This routine should work ! 33: whether the UUCP programs are installed setuid or setgid. */ ! 34: ! 35: boolean ! 36: fsysdep_daemon_access (zfile) ! 37: const char *zfile; ! 38: { ! 39: struct stat s; ! 40: uid_t ieuid, iuid, iegid, igid; ! 41: boolean fok; ! 42: ! 43: ieuid = geteuid (); ! 44: if (ieuid == 0) ! 45: return TRUE; ! 46: iuid = getuid (); ! 47: iegid = getegid (); ! 48: igid = getgid (); ! 49: ! 50: /* If our effective uid and gid are the same as our real uid and ! 51: gid, we assume the daemon will have access to the file. */ ! 52: if (ieuid == iuid && iegid == igid) ! 53: return TRUE; ! 54: ! 55: if (stat ((char *) zfile, &s) != 0) ! 56: { ! 57: ulog (LOG_ERROR, "stat (%s): %s", zfile, strerror (errno)); ! 58: return FALSE; ! 59: } ! 60: ! 61: /* If our euid is not our uid, but it is the file's uid, see if the ! 62: owner has read access. Otherwise, if our egid is not our gid, ! 63: but it is the file's gid, see if the group has read access. ! 64: Otherwise, see if the world has read access. We know from the ! 65: above check that at least one of our euid and egid are different, ! 66: so that is the only one we want to check. This check could fail ! 67: if the UUCP programs were both setuid and setgid, but why would ! 68: they be? */ ! 69: if (ieuid != iuid && ieuid == s.st_uid) ! 70: fok = (s.st_mode & S_IRUSR) != 0; ! 71: else if (iegid != igid && iegid == s.st_gid) ! 72: fok = (s.st_mode & S_IRGRP) != 0; ! 73: else ! 74: fok = (s.st_mode & S_IROTH) != 0; ! 75: ! 76: if (! fok) ! 77: { ! 78: ulog (LOG_ERROR, "%s: cannot be read by daemon", zfile); ! 79: return FALSE; ! 80: } ! 81: ! 82: return TRUE; ! 83: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.