File Safety Functions
Functions for running file safety checks are implemented in libmailutils. The corresponding prototypes and constants are declared in the header mailutils/util.h[1].
mu_file_safety_check
int mu_file_safety_check (const char *filename,
int mode,
uid_t uid,
mu_list_t idlist);
The function mu_file_safety_check checks whether the file filename satisfies safety checks described by the mode and uid arguments.
Its arguments are:
- filename
- Name of the file to check.
- mode
- A bitmap specifying the checks to perform. It can be constructed as a bitwise OR of one or more of the following flags, corresponding to the main safety checks:
- MU_FILE_SAFETY_OWNER_MISMATCH
- Check whether the file owner UID equals to the uid argument.
- MU_FILE_SAFETY_WORLD_WRITABLE
- Fail if the file is world writable (awrfil)
- MU_FILE_SAFETY_GROUP_WRITABLE
- Fail if the file is group writable (gwrfil)
- MU_FILE_SAFETY_LINKED_WRDIR
- Fail if the file is a symbolic link located in a (world- or group-) writable directory (linkwrdir)
- MU_FILE_SAFETY_DIR_IWGRP
- Fail if the file is located in a group-writable directory (gwrdir)
- MU_FILE_SAFETY_DIR_IWOTH
- Fail if the file is located in a world-writable directory (awrdir)
- MU_FILE_SAFETY_WORLD_READABLE
- Fail if the file is world readable (awrfil)
- MU_FILE_SAFETY_GROUP_READABLE
- Fail if the file is group readable (grdfil)
- Additionally, the following two defines are provided:
- MU_FILE_SAFETY_ALL
- All the above checks
- MU_FILE_SAFETY_NONE
- No checks
- uid
- UID the file should be owned by, if the MU_FILE_SAFETY_OWNER_MISMATCH mode is specified.
- idlist
- A list used to avoid checking the same file twice. It is useful if mu_file_safety_check is to be called several times. At the first call to the function, this argument should contain a newly created list. The function uses this list to keep record of the device and inode numbers of processed files. If mu_file_safety_check determines that the file it is about to check is already entered in this list, it will immediately return MU_ERR_EXISTS.
- If this is not needed, this argument should be NULL.
The mu_file_safety_check returns 0 if the file passes all checks, or one of the following error codes otherwise:
- MU_ERR_PERM_OWNER_MISMATCH
- File onwer does not match the requested UID.
- MU_ERR_PERM_WORLD_WRITABLE
- File is world writable
- MU_ERR_PERM_GROUP_WRITABLE
- File is group writable
- MU_ERR_PERM_LINKED_WRDIR
- Linked file in a writable directory
- MU_ERR_PERM_DIR_IWGRP
- File resides in group writable directory
- MU_ERR_PERM_DIR_IWOTH
- File resides in world writable directory
- MU_ERR_PERM_GROUP_READABLE
- File is group readable
- MU_ERR_PERM_WORLD_READABLE
- File is world readable
- MU_ERR_EXISTS
- The file has already been checked before (see the description of the idlist argument, above).
mu_file_safety_name_to_code
int mu_file_safety_name_to_code (const char *name, int *pcode);
This function converts the symbolic safety check name name to the corresponding MU_FILE_SAFETY constant.
If the conversion succeeds, the function stores the result in the memory location pointed to by the pcode argument and returns 0. If name does not match any safety check name, the function returns MU_ERR_NOENT.
mu_file_safety_name_to_error
int mu_file_safety_name_to_error (const char *name, int *pcode);
This function converts the symbolic safety check name name to the corresponding MU_ERR_PERM error code.
If the conversion succeeds, the function stores the result in the memory location pointed to by the pcode argument and returns 0. If name does not match any safety check name, the function returns MU_ERR_NOENT.