DISCR(S) UNIX System V DISCR(S)
Name
discr - check discretionary attributes of files and programs
Syntax
#include <sys/types.h>
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>

int privileged_user ();

void setuid_least_privilege (cmd)
    char *cmd;

void ensure_e_ids (cmd)
    char *cmd;

void ensure_discr_file (cmd, path)
    char *cmd;
    char *path;

int get_discr_file (path, attrs)
    char *path;
    struct discr_attr *attrs;

int discr_check_file (path)
    char *path;
Description
These routines provide a means to check the discretionary
attributes of programs and files against the values kept in
the authentication database. They make use of the
``discr_attr'' structure in <prot.h> defined as:
struct discr_attr {
    unsigned short da_owner;
    unsigned short da_group;
    unsigned short da_mode;
    short da_wc_owner;
    short da_wc_group;
};
The da_owner, da_group, and da_mode are the same as their
counterparts found in stat(S). The da_wc_owner
(da_wc_group) flag is 1 when the database specifies a wild-
card ('*') for the owner (group) of the file. In this case,
the da_owner (da_group) is to be ignored and any owner
(group) will satisfy the requirements of the database. When
the flag is 0, the wild-card is not in effect and the
da_owner (da_group) value is to be believed.
privileged_user returns 0 if the user does not have special
privileges associated with the program and returns 1 if the
user has special privileges. This boolean routine can be
used to determine how much information needs to be presented
to the user or which of the program's options are available
to the user.
setuid_least_privilege is used to reset effective UID and/or
GID values to those of their real counterparts. It is used
after all the activities that require the setuid effective
permissions (e.g., open files, create files, signal users)
have been accomplished. Closing down the extra privilege(s)
granted by the effective IDs furthers the principle of
"least privilege", even if it does not meet it totally.
ensure_discr_file checks the path as it exists now in the
file system against the discretionary values (owner, group,
mode) in the authentication database. If the requirements
of the database are not met, the cmd program is first
audited and then exits.
get_discr_file returns the discretionary attributes of a
file as stored in the authentication database. These values
may not be the same as those stored with the actual file.
discr_check_file performs discretionary checking on the file
designated by path and returns its results. If the result
is 0, the file matches the settings in the authentication
database exactly. If the result is positive, the file does
not meet the requirements of the authentication database.
If the result is negative, the file exceeds the minimum
requirements of the authentication database (e.g., the mode
on disk is more restrictive than that specified in the
database).
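The wild-card flags and the three-way result described above can be seen in a small stand-alone comparison. This is an added example, not the SCO routine or code from this page: example_discr_compare and PERM_BITS are hypothetical names, the return values 1 and -1 stand in for "positive" and "negative", and "exceeds the requirements" is assumed to mean that the on-disk mode is a strict subset of the database mode.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Layout as given on this page for <prot.h>; redeclared so this builds anywhere. */
struct discr_attr {
    unsigned short da_owner;
    unsigned short da_group;
    unsigned short da_mode;
    short da_wc_owner;      /* 1: database has '*', any owner satisfies it */
    short da_wc_group;      /* 1: database has '*', any group satisfies it */
};

#define PERM_BITS 07777u    /* rwx bits plus setuid, setgid, sticky */

/*
 * Hypothetical helper, not the SCO routine. Assumed rule: "exceeds the
 * requirements" means the on-disk mode is a strict subset of the database mode.
 * Returns 1 (requirements not met), 0 (exact match), -1 (stricter on disk).
 */
int example_discr_compare(const struct stat *sb, const struct discr_attr *want)
{
    unsigned int disk = (unsigned int)sb->st_mode & PERM_BITS;
    unsigned int db = (unsigned int)want->da_mode & PERM_BITS;

    if (!want->da_wc_owner && (unsigned int)sb->st_uid != (unsigned int)want->da_owner)
        return 1;           /* owner is pinned and differs */
    if (!want->da_wc_group && (unsigned int)sb->st_gid != (unsigned int)want->da_group)
        return 1;           /* group is pinned and differs */
    if (disk & ~db)
        return 1;           /* a bit is set that the database does not grant */
    return (disk == db) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: owner 0, any group, mode 0640 required. */
    struct discr_attr want = { 0, 0, 0640, 0, 1 };
    struct stat sb = { 0 };

    sb.st_gid = 7;
    sb.st_mode = 0100000 | 0666;    /* regular file, world-writable */
    printf("0666 on disk: %d\n", example_discr_compare(&sb, &want));
    sb.st_mode = 0100000 | 0600;    /* regular file, stricter than required */
    printf("0600 on disk: %d\n", example_discr_compare(&sb, &want));
    return 0;
}
```

The comparison takes a struct stat so that it can be applied to fstat() output for a descriptor the program has already opened, rather than to a path that may change between check and use.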
Notes
These routines only work as advertised when
set_auth_parameters from identity(S) is called as the first
item in main().
Files
/tcb/files/auth/*/*
See Also
stat(S), authcap(S), identity(S), authaudit(S)
Value Added
discr is an extension of AT&T System V provided by the Santa
Cruz Operation.
(printed 6/20/89)