secprog(3) Secure Programming Library secprog(3)

NAME

s_strncpy - secure strncpy, s_strncat - secure strncat, s_execv - secure execv, s_tmpfile - secure buffered tmp file, s_popen - secure popen, safe_tmpfile - secure unbuffered tmp file, safe_reopen - secure reopen of files, sigprotection - blocking signals, close_stdfds - close standard file descriptors, setlimits - set limits, setupsbitproc - setup at beginning of setuid code

SYNOPSIS

#include <secprog.h>

char *s_strncpy(char *dest, char *src, size_t n);

char *s_strncat(char *dest, char *src, size_t n);

int s_execv(const char *filename, char *const argv[]);

FILE *s_tmpfile(void);

FILE *s_popen(char *cmd, const char *type);

int safe_tmpfile(char *filename);

int safe_reopen(char *file, int mode);

int sigprotection(u_int toggle, sigset_t *sp_blockmask);

int close_stdfds(void);

int setlimits(sl_limit slim);

int setupsbitproc(void);

DESCRIPTION

s_strncpy copies string src to buffer dest up to size n. The dest string is always zero terminated.

s_strncat concatenates string src onto dest up to size n. The dest string is always zero terminated.
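An added example (not the library's own code) that reconstructs the guaranteed-termination behaviour the page describes for s_strncpy and s_strncat, next to the standard strncpy(3) case that leaves dest unterminated. It assumes n is the total size of dest for both functions; the page does not say whether s_strncat's n counts the whole buffer or only the free space.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf holds a NUL within its first n bytes, else 0. */
int is_terminated(const char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i] == '\0')
            return 1;
    return 0;
}

/* Reconstruction of s_strncpy: copy at most n-1 bytes of src into dest and
 * always write a terminating NUL (unlike strncpy when strlen(src) >= n). */
char *s_strncpy(char *dest, const char *src, size_t n)
{
    size_t i = 0;
    if (n == 0)
        return dest;            /* no room even for the terminator */
    for (; i + 1 < n && src[i] != '\0'; i++)
        dest[i] = src[i];
    dest[i] = '\0';
    return dest;
}

/* Reconstruction of s_strncat; n is assumed to be the total size of dest. */
char *s_strncat(char *dest, const char *src, size_t n)
{
    size_t used = 0;
    while (used < n && dest[used] != '\0')
        used++;
    if (used >= n)
        return dest;            /* dest is not a string within n bytes: leave it */
    s_strncpy(dest + used, src, n - used);   /* copies into the remaining space */
    return dest;
}

int main(void)
{
    char buf[8];
    strncpy(buf, "0123456789", sizeof buf);  /* constructed over-long input */
    printf("strncpy terminated: %d\n", is_terminated(buf, sizeof buf));   /* 0 */
    s_strncpy(buf, "0123456789", sizeof buf);
    printf("s_strncpy gives \"%s\"\n", buf);                               /* 0123456 */
    s_strncpy(buf, "ab", sizeof buf);
    s_strncat(buf, "cdefghijk", sizeof buf);
    printf("s_strncat gives \"%s\"\n", buf);                               /* abcdefg */
    return 0;
}
```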

s_execv executes filename with arguments argv. Before executing, the function cleans up the environment, checks the login, checks the current directory, and sets the close-on-exec flag on all file descriptors except stdin, stdout and stderr.

s_tmpfile creates a temporary file more securely and returns a FILE *.

s_popen is a secure popen(3) that avoids using the shell.

safe_tmpfile works like s_tmpfile except that it returns an integer file descriptor instead of a FILE *.

safe_reopen reopens a file securely, even in world-writeable directories like /tmp.

sigprotection should be called before and after a critical code section. The toggle argument should be SP_ON to block the signals set in mask sp_blockmask, or SP_OFF to switch signal blocking off again.

close_stdfds just closes all standard file descriptors. (Note: only needed on systems with an old glibc or an old OpenBSD kernel.)

setlimits uses the structure slim to set process limits such as RLIMIT_MEMLOCK, RLIMIT_NPROC, RLIMIT_NOFILE, RLIMIT_RSS, RLIMIT_CORE, RLIMIT_STACK, RLIMIT_DATA and RLIMIT_FSIZE:

    typedef struct
    {
        int fsize;      /* max file size */
        int data;       /* max data size */
        int stack;      /* max stack size */
        int core;       /* max core file size */
        int rss;        /* max resident set size */
        int nproc;      /* max number of processes */
        int nofile;     /* max number of open files */
        int memlock;    /* max locked-in-memory address space */
    } sl_limit;

setupsbitproc should be called at the beginning of every setuid application to close the standard file descriptors and to set some process limits. (Note: it does not drop setuid privileges.)

RETURN VALUE

The functions s_strncat and s_strncpy return a pointer to the resulting string dest.

The function s_popen returns a buffered stream (FILE *) on success, NULL otherwise.

The function s_execv does not return on success, and returns -1 otherwise.

The function s_tmpfile returns a buffered stream (FILE *) on success, NULL otherwise.

The function safe_tmpfile returns a file descriptor on success, -1 otherwise.

The function safe_reopen returns a file descriptor on success, -1 otherwise.

The function sigprotection returns zero on success, -1 otherwise.

The function close_stdfds returns zero on success, -1 otherwise.

The function setlimits returns zero on success, -1 otherwise.

The function setupsbitproc returns zero on success, -1 otherwise.

SEE ALSO

strncpy(3), strncat(3), popen(3), exec(3).

Thomas Biege <thomas@suse.de> 22 Apr 2004