/*
 * Copyright (c) 2001 Proofpoint, Inc. and its suppliers.
 * All rights reserved.
 *
 * By using this file, you agree to the terms and conditions set
 * forth in the LICENSE file which can be found at the top level of
 * the sendmail distribution.
 *
 */
10
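/*
**  This program checks to see if your version of setuid works.
**  "Works" here means that a set-user-ID root process which calls
**  setuid() with a non-root uid ends up with that uid as both its real
**  and effective uid, and cannot get root back with setuid(0).
**  Compile it, make it set-user-ID root, and run it as yourself (NOT as
**  root).
**
**  NOTE: This should work everywhere, but Linux has the ability
**  to use the undocumented setcap() call to make this break.
**  (On Linux, setuid() only changes the real and saved uid when the
**  process holds the CAP_SETUID capability.)
**
**  Compilation is trivial -- just "cc t_setuid.c".  Make it set-user-ID
**  root, and then execute it as a non-root user.
*/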
22
23 #include <sys/types.h>
24 #include <unistd.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27
#ifndef lint
/*
**  Version identification string (SCCS "@(#)" marker followed by an RCS
**  $Id$ keyword).  Nothing else in this file refers to it; it is left
**  out when "lint" is defined.
*/
static char id[] = "@(#)$Id: t_setuid.c,v 8.8 2013-11-22 20:52:01 ca Exp $";
#endif /* ! lint */
31
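/*
**  PRINTUIDS -- print the expected and the current real/effective uids
**
**	Parameters:
**		str -- label for the step that was just performed.
**		r -- real uid the process is expected to have now.
**		e -- effective uid the process is expected to have now.
**
**	Returns:
**		none.
**
**	Side Effects:
**		writes one line to stdout; the current values are read
**		with getuid() and geteuid() at the time of the call.
*/

static void
printuids(const char *str, uid_t r, uid_t e)
{
	/*
	**  uid_t is commonly an unsigned type, so print through
	**  unsigned long: an (int) cast would show uids above INT_MAX
	**  as negative numbers and make the report misleading.
	*/

	printf("%s (should be %lu/%lu): r/euid=%lu/%lu\n", str,
		(unsigned long) r, (unsigned long) e,
		(unsigned long) getuid(), (unsigned long) geteuid());
}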
40
/*
**  MAIN -- check that setuid() gives up root for good
**
**	The binary must be installed set-user-ID root and started by a
**	non-root user.  It calls setuid(1), checks that both the real and
**	the effective uid are now 1, then checks that setuid(0) is refused
**	and that the uids are still 1 afterwards.
**
**	Parameters:
**		argc, argv -- not used.
**
**	Returns:
**		does not return; exits with 0 if every check passed and
**		with 1 on a setup error or if any check failed.
*/

int
main(argc, argv)
	int argc;
	char **argv;
{
	uid_t realuid = getuid();
	int failures = 0;

	printuids("initial uids", realuid, 0);

	/* preconditions: effective uid root, real uid anything but root */
	if (geteuid() != 0)
	{
		printf("SETUP ERROR: re-run set-user-ID root\n");
		exit(1);
	}
	if (getuid() == 0)
	{
		printf("SETUP ERROR: must be run by a non-root user\n");
		exit(1);
	}

	/*
	**  Drop to uid 1.  A failing call is only reported here; the
	**  uid comparisons below are what count it as a failure.
	*/

	if (setuid(1) < 0)
		printf("setuid(1) failure\n");
	printuids("after setuid(1)", 1, 1);

	if (geteuid() != 1)
	{
		printf("MAYDAY! Wrong effective uid\n");
		failures += 1;
	}
	if (getuid() != 1)
	{
		printf("MAYDAY! Wrong real uid\n");
		failures += 1;
	}

	/*
	**  Try to take root back.  The call has to fail: if it succeeds,
	**  the setuid(1) above was not a permanent drop of privileges.
	*/

	if (setuid(0) != 0)
	{
		printf("setuid(0) failed (this is correct)\n");
	}
	else
	{
		printf("MAYDAY! setuid(0) succeeded (should have failed)\n");
		failures += 1;
	}
	printuids("after setuid(0)", 1, 1);

	/* the refused call must not have changed either uid */
	if (geteuid() != 1)
	{
		printf("MAYDAY! Wrong effective uid\n");
		failures += 1;
	}
	if (getuid() != 1)
	{
		printf("MAYDAY! Wrong real uid\n");
		failures += 1;
	}
	printf("\n");

	if (failures != 0)
	{
		printf("\nThis system cannot use setuid (maybe use setreuid)\n");
		exit(1);
	}

	printf("\nIt is safe to use setuid on this system\n");
	exit(0);
}
113