Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.bin/vi/build/../ex/ex_init.c	Lines:	0	143	0.0 %
Date:	2017-11-07	Branches:	0	140	0.0 %


/*	$OpenBSD: ex_init.c,v 1.18 2017/04/18 01:45:35 deraadt Exp $	*/

/*-
 * Copyright (c) 1992, 1993, 1994
 *	The Regents of the University of California.  All rights reserved.
 * Copyright (c) 1992, 1993, 1994, 1995, 1996
 *	Keith Bostic.  All rights reserved.
 *
 * See the LICENSE file for redistribution information.
 */

#include "config.h"

#include <sys/queue.h>
#include <sys/stat.h>

#include <bitstring.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "../common/common.h"
#include "tag.h"
#include "pathnames.h"

enum rc { NOEXIST, NOPERM, RCOK };
static enum rc	exrc_isok(SCR *, struct stat *, int *, char *, int, int);

static int ex_run_file(SCR *, int, char *);

/*
 * ex_screen_copy --
 *	Copy ex screen.
 *
 * PUBLIC: int ex_screen_copy(SCR *, SCR *);
 */
int
ex_screen_copy(SCR *orig, SCR *sp)
{
	EX_PRIVATE *oexp, *nexp;

	/* Create the private ex structure. */
	CALLOC_RET(orig, nexp, 1, sizeof(EX_PRIVATE));
	sp->ex_private = nexp;

	/* Initialize queues. */
	TAILQ_INIT(&nexp->tq);
	TAILQ_INIT(&nexp->tagfq);

	if (orig == NULL) {
	} else {
		oexp = EXP(orig);

		if (oexp->lastbcomm != NULL &&
		    (nexp->lastbcomm = strdup(oexp->lastbcomm)) == NULL) {
			msgq(sp, M_SYSERR, NULL);
			return(1);
		}
		if (ex_tag_copy(orig, sp))
			return (1);
	}
	return (0);
}

/*
 * ex_screen_end --
 *	End a vi screen.
 *
 * PUBLIC: int ex_screen_end(SCR *);
 */
int
ex_screen_end(SCR *sp)
{
	EX_PRIVATE *exp;
	int rval;

	if ((exp = EXP(sp)) == NULL)
		return (0);

	rval = 0;

	/* Close down script connections. */
	if (F_ISSET(sp, SC_SCRIPT) && sscr_end(sp))
		rval = 1;

	if (argv_free(sp))
		rval = 1;

	free(exp->ibp);
	free(exp->lastbcomm);

	if (ex_tag_free(sp))
		rval = 1;

	/* Free private memory. */
	free(exp);
	sp->ex_private = NULL;

	return (rval);
}

/*
 * ex_optchange --
 *	Handle change of options for ex.
 *
 * PUBLIC: int ex_optchange(SCR *, int, char *, u_long *);
 */
int
ex_optchange(SCR *sp, int offset, char *str, u_long *valp)
{
	switch (offset) {
	case O_TAGS:
		return (ex_tagf_alloc(sp, str));
	}
	return (0);
}

/*
 * ex_exrc --
 *	Read the EXINIT environment variable and the startup exrc files,
 *	and execute their commands.
 *
 * PUBLIC: int ex_exrc(SCR *);
 */
int
ex_exrc(SCR *sp)
{
	struct stat hsb, lsb;
	char *p, path[PATH_MAX];
	int fd;

	/*
	 * Source the system, environment, $HOME and local .exrc values.
	 * Vi historically didn't check $HOME/.exrc if the environment
	 * variable EXINIT was set.  This is all done before the file is
	 * read in, because things in the .exrc information can set, for
	 * example, the recovery directory.
	 *
	 * !!!
	 * While nvi can handle any of the options settings of historic vi,
	 * the converse is not true.  Since users are going to have to have
	 * files and environmental variables that work with both, we use nvi
	 * versions of both the $HOME and local startup files if they exist,
	 * otherwise the historic ones.
	 *
	 * !!!
	 * For a discussion of permissions and when what .exrc files are
	 * read, see the comment above the exrc_isok() function below.
	 *
	 * !!!
	 * If the user started the historic of vi in $HOME, vi read the user's
	 * .exrc file twice, as $HOME/.exrc and as ./.exrc.  We avoid this, as
	 * it's going to make some commands behave oddly, and I can't imagine
	 * anyone depending on it.
	 */
	switch (exrc_isok(sp, &hsb, &fd, _PATH_SYSEXRC, 1, 0)) {
	case NOEXIST:
	case NOPERM:
		break;
	case RCOK:
		if (ex_run_file(sp, fd, _PATH_SYSEXRC))
			return (1);
		break;
	}

	/* Run the commands. */
	if (EXCMD_RUNNING(sp->gp))
		(void)ex_cmd(sp);
	if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
		return (0);

	if ((p = getenv("NEXINIT")) != NULL) {
		if (ex_run_str(sp, "NEXINIT", p, strlen(p), 1, 0))
			return (1);
	} else if ((p = getenv("EXINIT")) != NULL) {
		if (ex_run_str(sp, "EXINIT", p, strlen(p), 1, 0))
			return (1);
	} else if ((p = getenv("HOME")) != NULL && *p) {
		(void)snprintf(path, sizeof(path), "%s/%s", p, _PATH_NEXRC);
		switch (exrc_isok(sp, &hsb, &fd, path, 0, 1)) {
		case NOEXIST:
			(void)snprintf(path,
			    sizeof(path), "%s/%s", p, _PATH_EXRC);
			if (exrc_isok(sp, &hsb, &fd, path, 0, 1) == RCOK &&
			    ex_run_file(sp, fd, path))
				return (1);
			break;
		case NOPERM:
			break;
		case RCOK:
			if (ex_run_file(sp, fd, path))
				return (1);
			break;
		}
	}

	/* Run the commands. */
	if (EXCMD_RUNNING(sp->gp))
		(void)ex_cmd(sp);
	if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
		return (0);

	/* Previous commands may have set the exrc option. */
	if (O_ISSET(sp, O_EXRC)) {
		switch (exrc_isok(sp, &lsb, &fd, _PATH_NEXRC, 0, 0)) {
		case NOEXIST:
			if (exrc_isok(sp, &lsb, &fd, _PATH_EXRC, 0, 0)
			    == RCOK) {
				if (lsb.st_dev != hsb.st_dev ||
				    lsb.st_ino != hsb.st_ino) {
					if (ex_run_file(sp, fd, _PATH_EXRC))
						return (1);
				} else
					close(fd);
			}
			break;
		case NOPERM:
			break;
		case RCOK:
			if (lsb.st_dev != hsb.st_dev ||
			    lsb.st_ino != hsb.st_ino) {
				if (ex_run_file(sp, fd, _PATH_NEXRC))
					return (1);
			} else
				close(fd);
			break;
		}
		/* Run the commands. */
		if (EXCMD_RUNNING(sp->gp))
			(void)ex_cmd(sp);
		if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
			return (0);
	}

	return (0);
}

/*
 * ex_run_file --
 *	Set up a file of ex commands to run.
 */
static int
ex_run_file(SCR *sp, int fd, char *name)
{
	ARGS *ap[2], a;
	EXCMD cmd;

	ex_cinit(&cmd, C_SOURCE, 0, OOBLNO, OOBLNO, 0, ap);
	ex_cadd(&cmd, &a, name, strlen(name));
	return (ex_sourcefd(sp, &cmd, fd));
}

/*
 * ex_run_str --
 *	Set up a string of ex commands to run.
 *
 * PUBLIC: int ex_run_str(SCR *, char *, char *, size_t, int, int);
 */
int
ex_run_str(SCR *sp, char *name, char *str, size_t len, int ex_flags,
    int nocopy)
{
	GS *gp;
	EXCMD *ecp;

	gp = sp->gp;
	if (EXCMD_RUNNING(gp)) {
		CALLOC_RET(sp, ecp, 1, sizeof(EXCMD));
		LIST_INSERT_HEAD(&gp->ecq, ecp, q);
	} else
		ecp = &gp->excmd;

	F_INIT(ecp,
	    ex_flags ? E_BLIGNORE | E_NOAUTO | E_NOPRDEF | E_VLITONLY : 0);

	if (nocopy)
		ecp->cp = str;
	else
		if ((ecp->cp = v_strdup(sp, str, len)) == NULL)
			return (1);
	ecp->clen = len;

	if (name == NULL)
		ecp->if_name = NULL;
	else {
		if ((ecp->if_name = v_strdup(sp, name, strlen(name))) == NULL)
			return (1);
		ecp->if_lno = 1;
		F_SET(ecp, E_NAMEDISCARD);
	}

	return (0);
}

/*
 * exrc_isok --
 *	Open and check a .exrc file for source-ability.
 *
 * !!!
 * Historically, vi read the $HOME and local .exrc files if they were owned
 * by the user's real ID, or the "sourceany" option was set, regardless of
 * any other considerations.  We no longer support the sourceany option as
 * it's a security problem of mammoth proportions.  We require the system
 * .exrc file to be owned by root, the $HOME .exrc file to be owned by the
 * user's effective ID (or that the user's effective ID be root) and the
 * local .exrc files to be owned by the user's effective ID.  In all cases,
 * the file cannot be writeable by anyone other than its owner.
 *
 * In O'Reilly ("Learning the VI Editor", Fifth Ed., May 1992, page 106),
 * it notes that System V release 3.2 and later has an option "[no]exrc".
 * The behavior is that local .exrc files are read only if the exrc option
 * is set.  The default for the exrc option was off, so, by default, local
 * .exrc files were not read.  The problem this was intended to solve was
 * that System V permitted users to give away files, so there's no possible
 * ownership or writeability test to ensure that the file is safe.
 *
 * POSIX 1003.2-1992 standardized exrc as an option.  It required the exrc
 * option to be off by default, thus local .exrc files are not to be read
 * by default.  The Rationale noted (incorrectly) that this was a change
 * to historic practice, but correctly noted that a default of off improves
 * system security.  POSIX also required that vi check the effective user
 * ID instead of the real user ID, which is why we've switched from historic
 * practice.
 *
 * We initialize the exrc variable to off.  If it's turned on by the system
 * or $HOME .exrc files, and the local .exrc file passes the ownership and
 * writeability tests, then we read it.  This breaks historic 4BSD practice,
 * but it gives us a measure of security on systems where users can give away
 * files.
 */
static enum rc
exrc_isok(SCR *sp, struct stat *sbp, int *fdp, char *path, int rootown,
    int rootid)
{
	enum { ROOTOWN, OWN, WRITER } etype;
	uid_t euid;
	int nf1, nf2;
	char *a, *b, buf[PATH_MAX];

	if ((*fdp = open(path, O_RDONLY, 0)) < 0) {
		if (errno == ENOENT)
                        /* This is the only case where ex_exrc()
                         * should silently try the next file, for
                         * example .exrc after .nexrc.
			 */
			return (NOEXIST);

		msgq_str(sp, M_SYSERR, path, "%s");
		return (NOPERM);
	}

	if (fstat(*fdp, sbp)) {
		msgq_str(sp, M_SYSERR, path, "%s");
		close(*fdp);
		return (NOPERM);
	}

	/* Check ownership permissions. */
	euid = geteuid();
	if (!(rootown && sbp->st_uid == 0) &&
	    !(rootid && euid == 0) && sbp->st_uid != euid) {
		etype = rootown ? ROOTOWN : OWN;
		goto denied;
	}

	/* Check writeability. */
	if (sbp->st_mode & (S_IWGRP | S_IWOTH)) {
		etype = WRITER;
		goto denied;
	}
	return (RCOK);

denied:	a = msg_print(sp, path, &nf1);
	if (strchr(path, '/') == NULL && getcwd(buf, sizeof(buf)) != NULL) {
		b = msg_print(sp, buf, &nf2);
		switch (etype) {
		case ROOTOWN:
			msgq(sp, M_ERR,
			    "%s/%s: not sourced: not owned by you or root",
			    b, a);
			break;
		case OWN:
			msgq(sp, M_ERR,
			    "%s/%s: not sourced: not owned by you", b, a);
			break;
		case WRITER:
			msgq(sp, M_ERR,
    "%s/%s: not sourced: writable by a user other than the owner", b, a);
			break;
		}
		if (nf2)
			FREE_SPACE(sp, b, 0);
	} else
		switch (etype) {
		case ROOTOWN:
			msgq(sp, M_ERR,
			    "%s: not sourced: not owned by you or root", a);
			break;
		case OWN:
			msgq(sp, M_ERR,
			    "%s: not sourced: not owned by you", a);
			break;
		case WRITER:
			msgq(sp, M_ERR,
	    "%s: not sourced: writable by a user other than the owner", a);
			break;
		}

	if (nf1)
		FREE_SPACE(sp, a, 0);
	close(*fdp);
	return (NOPERM);
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: ex_init.c,v 1.18 2017/04/18 01:45:35 deraadt Exp $ */
2
3			/*-
4			* Copyright (c) 1992, 1993, 1994
5			* The Regents of the University of California. All rights reserved.
6			* Copyright (c) 1992, 1993, 1994, 1995, 1996
7			* Keith Bostic. All rights reserved.
8			*
9			* See the LICENSE file for redistribution information.
10			*/
11
12			#include "config.h"
13
14			#include <sys/queue.h>
15			#include <sys/stat.h>
16
17			#include <bitstring.h>
18			#include <errno.h>
19			#include <fcntl.h>
20			#include <limits.h>
21			#include <stdio.h>
22			#include <stdlib.h>
23			#include <string.h>
24			#include <unistd.h>
25
26			#include "../common/common.h"
27			#include "tag.h"
28			#include "pathnames.h"
29
30			enum rc { NOEXIST, NOPERM, RCOK };
31			static enum rc exrc_isok(SCR , struct stat , int , char , int, int);
32
33			static int ex_run_file(SCR , int, char );
34
35			/*
36			* ex_screen_copy --
37			* Copy ex screen.
38			*
39			* PUBLIC: int ex_screen_copy(SCR , SCR );
40			*/
41			int
42			ex_screen_copy(SCR orig, SCR sp)
43			{
44			EX_PRIVATE oexp, nexp;
45
46			/* Create the private ex structure. */
47			CALLOC_RET(orig, nexp, 1, sizeof(EX_PRIVATE));
48			sp->ex_private = nexp;
49
50			/* Initialize queues. */
51			TAILQ_INIT(&nexp->tq);
52			TAILQ_INIT(&nexp->tagfq);
53
54			if (orig == NULL) {
55			} else {
56			oexp = EXP(orig);
57
58			if (oexp->lastbcomm != NULL &&
59			(nexp->lastbcomm = strdup(oexp->lastbcomm)) == NULL) {
60			msgq(sp, M_SYSERR, NULL);
61			return(1);
62			}
63			if (ex_tag_copy(orig, sp))
64			return (1);
65			}
66			return (0);
67			}
68
69			/*
70			* ex_screen_end --
71			* End a vi screen.
72			*
73			* PUBLIC: int ex_screen_end(SCR *);
74			*/
75			int
76			ex_screen_end(SCR *sp)
77			{
78			EX_PRIVATE *exp;
79			int rval;
80
81			if ((exp = EXP(sp)) == NULL)
82			return (0);
83
84			rval = 0;
85
86			/* Close down script connections. */
87			if (F_ISSET(sp, SC_SCRIPT) && sscr_end(sp))
88			rval = 1;
89
90			if (argv_free(sp))
91			rval = 1;
92
93			free(exp->ibp);
94			free(exp->lastbcomm);
95
96			if (ex_tag_free(sp))
97			rval = 1;
98
99			/* Free private memory. */
100			free(exp);
101			sp->ex_private = NULL;
102
103			return (rval);
104			}
105
106			/*
107			* ex_optchange --
108			* Handle change of options for ex.
109			*
110			* PUBLIC: int ex_optchange(SCR , int, char , u_long *);
111			*/
112			int
113			ex_optchange(SCR sp, int offset, char str, u_long *valp)
114			{
115			switch (offset) {
116			case O_TAGS:
117			return (ex_tagf_alloc(sp, str));
118			}
119			return (0);
120			}
121
122			/*
123			* ex_exrc --
124			* Read the EXINIT environment variable and the startup exrc files,
125			* and execute their commands.
126			*
127			* PUBLIC: int ex_exrc(SCR *);
128			*/
129			int
130			ex_exrc(SCR *sp)
131			{
132			struct stat hsb, lsb;
133			char *p, path[PATH_MAX];
134			int fd;
135
136			/*
137			* Source the system, environment, $HOME and local .exrc values.
138			* Vi historically didn't check $HOME/.exrc if the environment
139			* variable EXINIT was set. This is all done before the file is
140			* read in, because things in the .exrc information can set, for
141			* example, the recovery directory.
142			*
143			* !!!
144			* While nvi can handle any of the options settings of historic vi,
145			* the converse is not true. Since users are going to have to have
146			* files and environmental variables that work with both, we use nvi
147			* versions of both the $HOME and local startup files if they exist,
148			* otherwise the historic ones.
149			*
150			* !!!
151			* For a discussion of permissions and when what .exrc files are
152			* read, see the comment above the exrc_isok() function below.
153			*
154			* !!!
155			* If the user started the historic of vi in $HOME, vi read the user's
156			* .exrc file twice, as $HOME/.exrc and as ./.exrc. We avoid this, as
157			* it's going to make some commands behave oddly, and I can't imagine
158			* anyone depending on it.
159			*/
160			switch (exrc_isok(sp, &hsb, &fd, _PATH_SYSEXRC, 1, 0)) {
161			case NOEXIST:
162			case NOPERM:
163			break;
164			case RCOK:
165			if (ex_run_file(sp, fd, _PATH_SYSEXRC))
166			return (1);
167			break;
168			}
169
170			/* Run the commands. */
171			if (EXCMD_RUNNING(sp->gp))
172			(void)ex_cmd(sp);
173			if (F_ISSET(sp, SC_EXIT \| SC_EXIT_FORCE))
174			return (0);
175
176			if ((p = getenv("NEXINIT")) != NULL) {
177			if (ex_run_str(sp, "NEXINIT", p, strlen(p), 1, 0))
178			return (1);
179			} else if ((p = getenv("EXINIT")) != NULL) {
180			if (ex_run_str(sp, "EXINIT", p, strlen(p), 1, 0))
181			return (1);
182			} else if ((p = getenv("HOME")) != NULL && *p) {
183			(void)snprintf(path, sizeof(path), "%s/%s", p, _PATH_NEXRC);
184			switch (exrc_isok(sp, &hsb, &fd, path, 0, 1)) {
185			case NOEXIST:
186			(void)snprintf(path,
187			sizeof(path), "%s/%s", p, _PATH_EXRC);
188			if (exrc_isok(sp, &hsb, &fd, path, 0, 1) == RCOK &&
189			ex_run_file(sp, fd, path))
190			return (1);
191			break;
192			case NOPERM:
193			break;
194			case RCOK:
195			if (ex_run_file(sp, fd, path))
196			return (1);
197			break;
198			}
199			}
200
201			/* Run the commands. */
202			if (EXCMD_RUNNING(sp->gp))
203			(void)ex_cmd(sp);
204			if (F_ISSET(sp, SC_EXIT \| SC_EXIT_FORCE))
205			return (0);
206
207			/* Previous commands may have set the exrc option. */
208			if (O_ISSET(sp, O_EXRC)) {
209			switch (exrc_isok(sp, &lsb, &fd, _PATH_NEXRC, 0, 0)) {
210			case NOEXIST:
211			if (exrc_isok(sp, &lsb, &fd, _PATH_EXRC, 0, 0)
212			== RCOK) {
213			if (lsb.st_dev != hsb.st_dev \|\|
214			lsb.st_ino != hsb.st_ino) {
215			if (ex_run_file(sp, fd, _PATH_EXRC))
216			return (1);
217			} else
218			close(fd);
219			}
220			break;
221			case NOPERM:
222			break;
223			case RCOK:
224			if (lsb.st_dev != hsb.st_dev \|\|
225			lsb.st_ino != hsb.st_ino) {
226			if (ex_run_file(sp, fd, _PATH_NEXRC))
227			return (1);
228			} else
229			close(fd);
230			break;
231			}
232			/* Run the commands. */
233			if (EXCMD_RUNNING(sp->gp))
234			(void)ex_cmd(sp);
235			if (F_ISSET(sp, SC_EXIT \| SC_EXIT_FORCE))
236			return (0);
237			}
238
239			return (0);
240			}
241
242			/*
243			* ex_run_file --
244			* Set up a file of ex commands to run.
245			*/
246			static int
247			ex_run_file(SCR sp, int fd, char name)
248			{
249			ARGS *ap[2], a;
250			EXCMD cmd;
251
252			ex_cinit(&cmd, C_SOURCE, 0, OOBLNO, OOBLNO, 0, ap);
253			ex_cadd(&cmd, &a, name, strlen(name));
254			return (ex_sourcefd(sp, &cmd, fd));
255			}
256
257			/*
258			* ex_run_str --
259			* Set up a string of ex commands to run.
260			*
261			* PUBLIC: int ex_run_str(SCR , char , char *, size_t, int, int);
262			*/
263			int
264			ex_run_str(SCR sp, char name, char *str, size_t len, int ex_flags,
265			int nocopy)
266			{
267			GS *gp;
268			EXCMD *ecp;
269
270			gp = sp->gp;
271			if (EXCMD_RUNNING(gp)) {
272			CALLOC_RET(sp, ecp, 1, sizeof(EXCMD));
273			LIST_INSERT_HEAD(&gp->ecq, ecp, q);
274			} else
275			ecp = &gp->excmd;
276
277			F_INIT(ecp,
278			ex_flags ? E_BLIGNORE \| E_NOAUTO \| E_NOPRDEF \| E_VLITONLY : 0);
279
280			if (nocopy)
281			ecp->cp = str;
282			else
283			if ((ecp->cp = v_strdup(sp, str, len)) == NULL)
284			return (1);
285			ecp->clen = len;
286
287			if (name == NULL)
288			ecp->if_name = NULL;
289			else {
290			if ((ecp->if_name = v_strdup(sp, name, strlen(name))) == NULL)
291			return (1);
292			ecp->if_lno = 1;
293			F_SET(ecp, E_NAMEDISCARD);
294			}
295
296			return (0);
297			}
298
299			/*
300			* exrc_isok --
301			* Open and check a .exrc file for source-ability.
302			*
303			* !!!
304			* Historically, vi read the $HOME and local .exrc files if they were owned
305			* by the user's real ID, or the "sourceany" option was set, regardless of
306			* any other considerations. We no longer support the sourceany option as
307			* it's a security problem of mammoth proportions. We require the system
308			* .exrc file to be owned by root, the $HOME .exrc file to be owned by the
309			* user's effective ID (or that the user's effective ID be root) and the
310			* local .exrc files to be owned by the user's effective ID. In all cases,
311			* the file cannot be writeable by anyone other than its owner.
312			*
313			* In O'Reilly ("Learning the VI Editor", Fifth Ed., May 1992, page 106),
314			* it notes that System V release 3.2 and later has an option "[no]exrc".
315			* The behavior is that local .exrc files are read only if the exrc option
316			* is set. The default for the exrc option was off, so, by default, local
317			* .exrc files were not read. The problem this was intended to solve was
318			* that System V permitted users to give away files, so there's no possible
319			* ownership or writeability test to ensure that the file is safe.
320			*
321			* POSIX 1003.2-1992 standardized exrc as an option. It required the exrc
322			* option to be off by default, thus local .exrc files are not to be read
323			* by default. The Rationale noted (incorrectly) that this was a change
324			* to historic practice, but correctly noted that a default of off improves
325			* system security. POSIX also required that vi check the effective user
326			* ID instead of the real user ID, which is why we've switched from historic
327			* practice.
328			*
329			* We initialize the exrc variable to off. If it's turned on by the system
330			* or $HOME .exrc files, and the local .exrc file passes the ownership and
331			* writeability tests, then we read it. This breaks historic 4BSD practice,
332			* but it gives us a measure of security on systems where users can give away
333			* files.
334			*/
335			static enum rc
336			exrc_isok(SCR sp, struct stat sbp, int fdp, char path, int rootown,
337			int rootid)
338			{
339			enum { ROOTOWN, OWN, WRITER } etype;
340			uid_t euid;
341			int nf1, nf2;
342			char a, b, buf[PATH_MAX];
343
344			if ((*fdp = open(path, O_RDONLY, 0)) < 0) {
345			if (errno == ENOENT)
346			/* This is the only case where ex_exrc()
347			* should silently try the next file, for
348			* example .exrc after .nexrc.
349			*/
350			return (NOEXIST);
351
352			msgq_str(sp, M_SYSERR, path, "%s");
353			return (NOPERM);
354			}
355
356			if (fstat(*fdp, sbp)) {
357			msgq_str(sp, M_SYSERR, path, "%s");
358			close(*fdp);
359			return (NOPERM);
360			}
361
362			/* Check ownership permissions. */
363			euid = geteuid();
364			if (!(rootown && sbp->st_uid == 0) &&
365			!(rootid && euid == 0) && sbp->st_uid != euid) {
366			etype = rootown ? ROOTOWN : OWN;
367			goto denied;
368			}
369
370			/* Check writeability. */
371			if (sbp->st_mode & (S_IWGRP \| S_IWOTH)) {
372			etype = WRITER;
373			goto denied;
374			}
375			return (RCOK);
376
377			denied: a = msg_print(sp, path, &nf1);
378			if (strchr(path, '/') == NULL && getcwd(buf, sizeof(buf)) != NULL) {
379			b = msg_print(sp, buf, &nf2);
380			switch (etype) {
381			case ROOTOWN:
382			msgq(sp, M_ERR,
383			"%s/%s: not sourced: not owned by you or root",
384			b, a);
385			break;
386			case OWN:
387			msgq(sp, M_ERR,
388			"%s/%s: not sourced: not owned by you", b, a);
389			break;
390			case WRITER:
391			msgq(sp, M_ERR,
392			"%s/%s: not sourced: writable by a user other than the owner", b, a);
393			break;
394			}
395			if (nf2)
396			FREE_SPACE(sp, b, 0);
397			} else
398			switch (etype) {
399			case ROOTOWN:
400			msgq(sp, M_ERR,
401			"%s: not sourced: not owned by you or root", a);
402			break;
403			case OWN:
404			msgq(sp, M_ERR,
405			"%s: not sourced: not owned by you", a);
406			break;
407			case WRITER:
408			msgq(sp, M_ERR,
409			"%s: not sourced: writable by a user other than the owner", a);
410			break;
411			}
412
413			if (nf1)
414			FREE_SPACE(sp, a, 0);
415			close(*fdp);
416			return (NOPERM);
417			}