-d44.4
Trace safefile( ) Debug command-line switch
The V8 sendmail program tries to be extra careful about file permissions, and the key to checking them is the internal safefile( ) function. The -d44.4 debugging switch prints the parameters passed to the safefile( ) function:
safefile(fname, uid=uid, gid=gid, flags=sff_flags, mode=wantmode)
Here, the file named fname is being checked to determine whether the user identified by the uid, with the group gid, is allowed to find or use the file. The range of checking is determined by the hexadecimal sff_flags, described in Table 15-11. Where a file’s permissions are required, the mode printed in wantmode will be used.
Table 15-11. safefile( ) access flags

| Mnemonic | Hex flag | Description |
|---|---|---|
| SFF_ANYFILE | 0x00000000 | No special restrictions |
| SFF_MUSTOWN | 0x00000001 | User must own this file |
| SFF_NOSLINK | 0x00000002 | File cannot be a symbolic link |
| SFF_ROOTOK | 0x00000004 | OK for root to own this file |
| SFF_RUNASREALUID | 0x00000008 | If no controlling user, run as real user-id |
| SFF_NOPATHCHECK | 0x00000010 | Don’t bother checking directory path |
| SFF_SETUIDOK | 0x00000020 | Set-user-id files are OK |
| SFF_CREAT | 0x00000040 | OK to create file if necessary |
| SFF_REGONLY | 0x00000080 | Regular files only |
| SFF_SAFEDIRPATH | 0x00000100 | No writable directories (also check owner) |
| SFF_NOHLINK | 0x00000200 | File cannot have hard links |
| SFF_NOWLINK | 0x00000400 | Links only in nonwritable directories |
| SFF_NOGWFILES | 0x00000800 | Disallow group-writable files |
| SFF_NOWWFILES ... | | |
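The following Python parser is an added example, not code from the book or from sendmail. It reads trace lines in the format shown above and expands the hexadecimal flags word into the mnemonics of Table 15-11. It assumes the flags are printed in hex (with or without a 0x prefix) and the mode in octal; the sample lines are constructed, and bits beyond the rows visible in the table are reported as unknown rather than guessed.

```python
import re

# Flag bits copied from the rows of Table 15-11 that are visible on this page.
SFF_FLAGS = {
    0x001: "SFF_MUSTOWN",      0x002: "SFF_NOSLINK",
    0x004: "SFF_ROOTOK",       0x008: "SFF_RUNASREALUID",
    0x010: "SFF_NOPATHCHECK",  0x020: "SFF_SETUIDOK",
    0x040: "SFF_CREAT",        0x080: "SFF_REGONLY",
    0x100: "SFF_SAFEDIRPATH",  0x200: "SFF_NOHLINK",
    0x400: "SFF_NOWLINK",      0x800: "SFF_NOGWFILES",
}
KNOWN_MASK = sum(SFF_FLAGS)  # OR of every bit listed above (0xFFF)

# Assumed line layout, following the format string shown in the text.
# The greedy fname group tolerates commas inside the file name.
TRACE_RE = re.compile(
    r"safefile\((?P<fname>.*), uid=(?P<uid>-?\d+), gid=(?P<gid>-?\d+), "
    r"flags=(?P<flags>(?:0x)?[0-9a-fA-F]+), mode=(?P<mode>[0-7]+)\)"
)

def decode_flags(value):
    """Return (mnemonics, unknown_bits) for a safefile() flags word."""
    if value == 0:
        return ["SFF_ANYFILE"], 0
    names = [name for bit, name in sorted(SFF_FLAGS.items()) if value & bit]
    return names, value & ~KNOWN_MASK

def parse_trace(line):
    """Parse one -d44.4 safefile() line; return None if it does not match."""
    m = TRACE_RE.search(line)
    if m is None:
        return None
    flags = int(m["flags"], 16)
    names, unknown = decode_flags(flags)
    return {"fname": m["fname"], "uid": int(m["uid"]), "gid": int(m["gid"]),
            "flags": flags, "names": names, "unknown_bits": unknown,
            "mode": int(m["mode"], 8)}

# Constructed sample lines (not captured from a real sendmail run).
SAMPLE = [
    "safefile(/etc/mail/aliases.db, uid=0, gid=0, flags=6, mode=400):",
    "safefile(/home/bob/.forward, uid=1001, gid=100, flags=4983, mode=400):",
    "safefile(/tmp/x, uid=0, gid=0, flags=0, mode=600):",
]

if __name__ == "__main__":
    for line in SAMPLE:
        r = parse_trace(line)
        print(r["fname"], " | ".join(r["names"]), hex(r["unknown_bits"]), oct(r["mode"]))
```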