3 * $Id: chkpath.c,v 1.3 2003/01/25 23:58:44 mdw Exp $
5 * Check a user's file search path
7 * (c) 1999 Mark Wooding
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of chkpath.
14 * chkpath is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * chkpath is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with chkpath; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.3 2003/01/25 23:58:44 mdw
33 * Make guts into official library.
35 * Revision 1.2 2001/01/25 22:16:02 mdw
36 * Make flags be unsigned.
38 * Revision 1.1.1.1 1999/04/06 20:12:07 mdw
43 /*----- Header files ------------------------------------------------------*/
51 #include <mLib/alloc.h>
52 #include <mLib/mdwopt.h>
53 #include <mLib/quis.h>
54 #include <mLib/report.h>
56 #include "checkpath.h"
58 /*----- Main code ---------------------------------------------------------*/
60 static void report(unsigned what, int verbose,
61 const char *p, const char *msg,
69 static void usage(FILE *fp)
71 fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS);
74 /* --- @version@ --- */
76 static void version(FILE *fp)
78 fprintf(fp, "%s version %s\n", QUIS, VERSION);
83 static void help(FILE *fp)
89 Checks a path string (by default the PATH variable) for security. It\n\
90 ensures that only `root' or the calling user can write to all the parent\n\
91 directories of the path elements, so nobody can maliciously replace the\n\
92 binaries unexpectedly.\n\
94 Options provided are:\n\
96 -h, --help Display this help message.\n\
97 -V, --version Display the program's version number.\n\
98 -u, --usage Show a terse usage summary.\n\
100 -v, --verbose Be verbose about the search progress (cumulative).\n\
101 -q, --quiet Be quiet about the search progress (cumulative).\n\
102 -s, --sticky Consider sticky directories secure against\n\
103 modification by world and group (not recommended).\n\
104 -t, --trust-group Consider other members of your group trustworthy.\n\
105 -p, --print Write the secure path elements to standard output.\n\
110 int main(int argc, char *argv[])
121 /* --- Initialize the world --- */
125 /* --- Set up path scanning defaults --- */
128 cp.cp_what = CP_PROBLEMS | CP_REPORT | CP_SYMLINK;
129 cp.cp_report = report;
131 checkpath_setids(&cp);
133 /* --- Parse the options --- */
136 static struct option opts[] = {
137 { "help", 0, 0, 'h' },
138 { "version", 0, 0, 'V' },
139 { "usage", 0, 0, 'u' },
140 { "verbose", 0, 0, 'v' },
141 { "quiet", 0, 0, 'q' },
142 { "sticky", 0, 0, 's' },
143 { "trust-group", 0, 0, 't' },
144 { "print", 0, 0, 'p' },
147 int i = mdwopt(argc, argv, "hVu vqstp", opts, 0, 0, 0);
169 cp.cp_what |= CP_STICKYOK;
172 cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
188 /* --- Sort out what needs doing --- */
190 if (optind == argc) {
191 path = getenv("PATH");
197 for (i = optind; i < argc; i++) {
198 p = xstrdup(argv[i]);
201 unsigned b = checkpath(q, &cp);
202 if (!b && (f & f_print)) {
220 /*----- That's all, folks -------------------------------------------------*/