3 * $Id: chkpath.c,v 1.2 2001/01/25 22:16:02 mdw Exp $
5 * Check a user's file search path
7 * (c) 1999 Mark Wooding
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of chkpath.
14 * chkpath is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * chkpath is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with chkpath; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.2 2001/01/25 22:16:02 mdw
33 * Make flags be unsigned.
35 * Revision 1.1.1.1 1999/04/06 20:12:07 mdw
40 /*----- Header files ------------------------------------------------------*/
48 #include <mLib/alloc.h>
49 #include <mLib/mdwopt.h>
50 #include <mLib/quis.h>
51 #include <mLib/report.h>
55 /*----- Main code ---------------------------------------------------------*/
57 static void report(int what, int verbose,
58 const char *p, const char *msg,
66 static void usage(FILE *fp)
68 fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS);
71 /* --- @version@ --- */
73 static void version(FILE *fp)
75 fprintf(fp, "%s version %s\n", QUIS, VERSION);
80 static void help(FILE *fp)
86 Checks a path string (by default the PATH variable) for security. It\n\
87 ensures that only `root' or the calling user can write to all the parent\n\
88 directories of the path elements, so nobody can maliciously replace the\n\
89 binaries unexpectedly.\n\
91 Options provided are:\n\
93 -h, --help Display this help message.\n\
94 -V, --version Display the program's version number.\n\
95 -u, --usage Show a terse usage summary.\n\
97 -v, --verbose Be verbose about the search progress (cumulative).\n\
98 -q, --quiet Be quiet about the search progress (cumulative).\n\
99 -s, --sticky Consider sticky directories secure against\n\
100 modification by world and group (not recommended).\n\
101 -t, --trust-group Consider other members of your group trustworthy.\n\
102 -p, --print Write the secure path elements to standard output.\n\
107 int main(int argc, char *argv[])
118 /* --- Initialize the world --- */
122 /* --- Set up path scanning defaults --- */
125 cp.cp_what = (CP_WRWORLD | CP_WRGRP | CP_WROTHUSR |
126 CP_ERROR | CP_REPORT | CP_SYMLINK);
127 cp.cp_report = report;
131 /* --- Parse the options --- */
134 static struct option opts[] = {
135 { "help", 0, 0, 'h' },
136 { "version", 0, 0, 'V' },
137 { "usage", 0, 0, 'u' },
138 { "verbose", 0, 0, 'v' },
139 { "quiet", 0, 0, 'q' },
140 { "sticky", 0, 0, 's' },
141 { "trust-group", 0, 0, 't' },
142 { "print", 0, 0, 'p' },
145 int i = mdwopt(argc, argv, "hVu vqstp", opts, 0, 0, 0);
167 cp.cp_what |= CP_STICKYOK;
170 cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
186 /* --- Sort out what needs doing --- */
188 if (optind == argc) {
189 path = getenv("PATH");
195 for (i = optind; i < argc; i++) {
196 p = xstrdup(argv[i]);
199 int b = path_check(q, &cp);
200 if (!b && (f & f_print)) {
218 /*----- That's all, folks -------------------------------------------------*/