supported script execution for dhcp6relay (contributed by Bruno STEVANT)

author: SUZUKI, Shinsuke <suz@kame.net> 2007-02-27 14:47:11 +0000
committer: Bjørn Mork <bjorn@mork.no> 2010-08-06 15:37:36 +0200
commit: fc15adcff189d5fb96a9802307f8b82866e12ac7 (patch)
tree: 9795f2174138334f799ac987c2545791f98589c2 /common.c
parent: fe2c74572f875332b461ba2a17a594a7ee4eb2d3 (diff)
1 files changed, 40 insertions, 0 deletions
diff --git a/common.c b/common.c
index 7b1ba4f..6c1c621 100644
--- a/common.c
+++ b/common.c
@@ -32,6 +32,7 @@
 #include <sys/socket.h>
 #include <sys/ioctl.h>
 #include <sys/queue.h>
+#include <sys/stat.h>
 #if TIME_WITH_SYS_TIME
 # include <sys/time.h>
 # include <time.h>
@@ -3339,3 +3340,42 @@ ifaddrconf(cmd, ifname, addr, plen, pltime, vltime)
 	close(s);
 	return (0);
 }
+
+int
+safefile(path)
+	const char *path;
+{
+	struct stat s;
+	uid_t myuid;
+
+	/* no setuid */
+	if (getuid() != geteuid()) {
+		dprintf(LOG_NOTICE, FNAME,
+		    "setuid'ed execution not allowed");
+		return (-1);
+	}
+
+	if (lstat(path, &s) != 0) {
+		dprintf(LOG_NOTICE, FNAME, "lstat failed: %s",
+		    strerror(errno));
+		return (-1);
+	}
+
+	/* the file must be owned by the running uid */
+	myuid = getuid();
+	if (s.st_uid != myuid) {
+		dprintf(LOG_NOTICE, FNAME, "%s has invalid owner uid", path);
+		return (-1);
+	}
+
+	switch (s.st_mode & S_IFMT) {
+	case S_IFREG:
+		break;
+	default:
+		dprintf(LOG_NOTICE, FNAME, "%s is an invalid file type 0x%o",
+		    path, (s.st_mode & S_IFMT));
+		return (-1);
+	}
+
+	return (0);
+}
author	SUZUKI, Shinsuke <suz@kame.net>	2007-02-27 14:47:11 +0000
committer	Bjørn Mork <bjorn@mork.no>	2010-08-06 15:37:36 +0200
commit	fc15adcff189d5fb96a9802307f8b82866e12ac7 (patch)
tree	9795f2174138334f799ac987c2545791f98589c2 /common.c
parent	fe2c74572f875332b461ba2a17a594a7ee4eb2d3 (diff)