Current File : /opt/cpanel/ea-ruby27/src/passenger-release-6.1.2/src/cxx_supportlib/FileTools//PathSecurityCheck.h
/*
* Phusion Passenger - https://www.phusionpassenger.com/
* Copyright (c) 2018-2025 Asynchronous B.V.
*
* "Passenger", "Phusion Passenger" and "Union Station" are registered
* trademarks of Asynchronous B.V.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#ifndef _PASSENGER_FILE_TOOLS_PATH_SECURITY_CHECK_H_
#define _PASSENGER_FILE_TOOLS_PATH_SECURITY_CHECK_H_
#include <vector>
#include <string>
#include <StaticString.h>
namespace Passenger {
using namespace std;
/**
* Checks whether the given path is secure for use by a root process.
* This is done by checking whether the path itself, as well as any of the
* parent directories, can only be written to by root. Returns whether the
* path is deemed secure.
*
* If a non-root user can write to any of the directories in the path then that
* user can cause the root proces to read an arbitrary file. That file can even
* be one that is not owned by said user, through the use of symlinks.
*
* Checking is done according to normal Unix permissions. ACLs and systems like
* SELinux are not taken into consideration. Also, if this function fails to
* check a part of the path (e.g. because stat() failed) then this function
* simply skips that part. Therefore this function does not perform a full check
* and its result (which *can* be a false positive or a false negative) should be
* taken with a grain of salt.
*
* Error messages that can be used to inform the user which parts of the path
* are insecure, are outputted into `errors`. This vector becomes non-empty
* only if result is false.
*
* Any errors that occur w.r.t. checking itself (e.g. stat() errors) are
* outputted into `checkErrors`. This vector may become non-empty no matter
* the result.
*/
bool isPathProbablySecureForRootUse(const StaticString &path,
vector<string> &errors, vector<string> &checkErrors);
} // namespace Passenger
#endif /* _PASSENGER_FILE_TOOLS_PATH_SECURITY_CHECK_H_ */
