![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to access.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [MW Coherent from dump] / coherent / g / usr / lib / uucp / tay104 / unix|
Return to access.c CVS log | Up to [MW Coherent from dump] / coherent / g / usr / lib / uucp / tay104 / unix |
1.1 root 1: /* access.c
2: Check access to files by the user and by the daemon. */
3:
4: #include "uucp.h"
5:
6: #include "uudefs.h"
7: #include "sysdep.h"
8: #include "system.h"
9:
10: #include <errno.h>
11:
12: /* See if the user has access to a file, to prevent the setuid uucp
13: and uux programs handing out unauthorized access. */
14:
15: boolean
16: fsysdep_access (zfile)
17: const char *zfile;
18: {
19: if (access (zfile, R_OK) == 0)
20: return TRUE;
21: ulog (LOG_ERROR, "%s: %s", zfile, strerror (errno));
22: return FALSE;
23: }
24:
25: /* See if the daemon has access to a file. This is called if a file
26: is not being transferred to the spool directory, since if the
27: daemon does not have access the later transfer will fail. We
28: assume that the daemon will have the same euid (or egid) as the one
29: we are running under. If our uid (gid) and euid (egid) are the
30: same, we assume that we have access. Note that is not important
31: for security, since the check will be (implicitly) done again when
32: the daemon tries to transfer the file. This routine should work
33: whether the UUCP programs are installed setuid or setgid. */
34:
35: boolean
36: fsysdep_daemon_access (zfile)
37: const char *zfile;
38: {
39: struct stat s;
40: uid_t ieuid, iuid, iegid, igid;
41: boolean fok;
42:
43: ieuid = geteuid ();
44: if (ieuid == 0)
45: return TRUE;
46: iuid = getuid ();
47: iegid = getegid ();
48: igid = getgid ();
49:
50: /* If our effective uid and gid are the same as our real uid and
51: gid, we assume the daemon will have access to the file. */
52: if (ieuid == iuid && iegid == igid)
53: return TRUE;
54:
55: if (stat ((char *) zfile, &s) != 0)
56: {
57: ulog (LOG_ERROR, "stat (%s): %s", zfile, strerror (errno));
58: return FALSE;
59: }
60:
61: /* If our euid is not our uid, but it is the file's uid, see if the
62: owner has read access. Otherwise, if our egid is not our gid,
63: but it is the file's gid, see if the group has read access.
64: Otherwise, see if the world has read access. We know from the
65: above check that at least one of our euid and egid are different,
66: so that is the only one we want to check. This check could fail
67: if the UUCP programs were both setuid and setgid, but why would
68: they be? */
69: if (ieuid != iuid && ieuid == s.st_uid)
70: fok = (s.st_mode & S_IRUSR) != 0;
71: else if (iegid != igid && iegid == s.st_gid)
72: fok = (s.st_mode & S_IRGRP) != 0;
73: else
74: fok = (s.st_mode & S_IROTH) != 0;
75:
76: if (! fok)
77: {
78: ulog (LOG_ERROR, "%s: cannot be read by daemon", zfile);
79: return FALSE;
80: }
81:
82: return TRUE;
83: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.