Etusivu Tutki Apua
Kirjaudu sisään
HSD
/
putty
peilaus alkaen https://git.tartarus.org/simon/putty.git
Tarkkaile 1
Äänestä 0
Fork 0
Tiedostot
Puu: 476ecf427a
Branchit Tagit
putty
/
unix
/
utils
/
make_dir_and_check_ours.c

make_dir_and_check_ours.c 2.2 KB
Historia Raaka

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. /*
    2. 

  2.  * Create a directory accessible only to us, and then check afterwards
    3. 

  3.  * that we really did end up with a directory with the right ownership
    4. 

  4.  * and permissions.
    5. 

  5.  *
    6. 

  6.  * The idea is that this is a directory in which we're about to create
    7. 

  7.  * something sensitive, like a listening Unix-domain socket for SSH
    8. 

  8.  * connection sharing or an SSH agent. We want to be protected against
    9. 

  9.  * somebody else previously having created the directory in a way
    10. 

  10.  * that's writable to us, and thus manipulating us into creating the
    11. 

  11.  * actual socket in a directory they can see so that they can connect
    12. 

  12.  * to it and (say) use our authenticated SSH sessions.
    13. 

  13.  *
    14. 

  14.  * NOTE: The strategy used in this function is not safe if the enemy
    15. 

  15.  * has unrestricted write access to the containing directory. In that
    16. 

  16.  * case, they could move our directory out of the way and make a new
    17. 

  17.  * one, after this function returns and before we create our socket
    18. 

  18.  * (or whatever) inside it.
    19. 

  19.  *
    20. 

  20.  * But this should be OK for temp directories (which modify the
    21. 

  21.  * default world-write behaviour by also setting the 't' bit,
    22. 

  22.  * preventing people from renaming or deleting things in there that
    23. 

  23.  * they don't own). And of course it's also safe if the directory is
    24. 

  24.  * writable only by our _own_ uid.
    25. 

  25.  */
    26. 

  26. 

  27. #include <errno.h>
    28. 

  28. #include <string.h>
    29. 

  29. 

  30. #include <unistd.h>
    31. 

  31. #include <sys/types.h>
    32. 

  32. #include <sys/stat.h>
    33. 

  33. 

  34. #include "putty.h"
    35. 

  35. 

  36. char *make_dir_and_check_ours(const char *dirname)
    37. 

  37. {
    38. 

  38.     struct stat st;
    39. 

  39. 

  40.     /*
    41. 

  41.      * Create the directory. We might have created it before, so
    42. 

  42.      * EEXIST is an OK error; but anything else is doom.
    43. 

  43.      */
    44. 

  44.     if (mkdir(dirname, 0700) < 0 && errno != EEXIST)
    45. 

  45.         return dupprintf("%s: mkdir: %s", dirname, strerror(errno));
    46. 

  46. 

  47.     /*
    48. 

  48.      * Stat the directory and check its ownership and permissions.
    49. 

  49.      */
    50. 

  50.     if (stat(dirname, &st) < 0)
    51. 

  51.         return dupprintf("%s: stat: %s", dirname, strerror(errno));
    52. 

  52.     if (st.st_uid != getuid())
    53. 

  53.         return dupprintf("%s: directory owned by uid %d, not by us",
    54. 

  54.                          dirname, st.st_uid);
    55. 

  55.     if ((st.st_mode & 077) != 0)
    56. 

  56.         return dupprintf("%s: directory has overgenerous permissions %03o"
    57. 

  57.                          " (expected 700)", dirname, st.st_mode & 0777);
    58. 

  58. 

  59.     return NULL;
    60. 

  60. }
    61. 

  61.