1*57718be8SEnji Cooper /* $NetBSD: t_setuid.c,v 1.1 2011/07/07 06:57:54 jruoho Exp $ */ 2*57718be8SEnji Cooper 3*57718be8SEnji Cooper /*- 4*57718be8SEnji Cooper * Copyright (c) 2011 The NetBSD Foundation, Inc. 5*57718be8SEnji Cooper * All rights reserved. 6*57718be8SEnji Cooper * 7*57718be8SEnji Cooper * This code is derived from software contributed to The NetBSD Foundation 8*57718be8SEnji Cooper * by Jukka Ruohonen. 9*57718be8SEnji Cooper * 10*57718be8SEnji Cooper * Redistribution and use in source and binary forms, with or without 11*57718be8SEnji Cooper * modification, are permitted provided that the following conditions 12*57718be8SEnji Cooper * are met: 13*57718be8SEnji Cooper * 1. Redistributions of source code must retain the above copyright 14*57718be8SEnji Cooper * notice, this list of conditions and the following disclaimer. 15*57718be8SEnji Cooper * 2. Redistributions in binary form must reproduce the above copyright 16*57718be8SEnji Cooper * notice, this list of conditions and the following disclaimer in the 17*57718be8SEnji Cooper * documentation and/or other materials provided with the distribution. 18*57718be8SEnji Cooper * 19*57718be8SEnji Cooper * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20*57718be8SEnji Cooper * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21*57718be8SEnji Cooper * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22*57718be8SEnji Cooper * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23*57718be8SEnji Cooper * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24*57718be8SEnji Cooper * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25*57718be8SEnji Cooper * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26*57718be8SEnji Cooper * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27*57718be8SEnji Cooper * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28*57718be8SEnji Cooper * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29*57718be8SEnji Cooper * POSSIBILITY OF SUCH DAMAGE. 30*57718be8SEnji Cooper */ 31*57718be8SEnji Cooper #include <sys/cdefs.h> 32*57718be8SEnji Cooper __RCSID("$NetBSD: t_setuid.c,v 1.1 2011/07/07 06:57:54 jruoho Exp $"); 33*57718be8SEnji Cooper 34*57718be8SEnji Cooper #include <sys/wait.h> 35*57718be8SEnji Cooper 36*57718be8SEnji Cooper #include <atf-c.h> 37*57718be8SEnji Cooper #include <errno.h> 38*57718be8SEnji Cooper #include <pwd.h> 39*57718be8SEnji Cooper #include <stdlib.h> 40*57718be8SEnji Cooper #include <unistd.h> 41*57718be8SEnji Cooper 42*57718be8SEnji Cooper ATF_TC(setuid_perm); 43*57718be8SEnji Cooper ATF_TC_HEAD(setuid_perm, tc) 44*57718be8SEnji Cooper { 45*57718be8SEnji Cooper atf_tc_set_md_var(tc, "descr", "Test setuid(0) as normal user"); 46*57718be8SEnji Cooper atf_tc_set_md_var(tc, "require.user", "unprivileged"); 47*57718be8SEnji Cooper } 48*57718be8SEnji Cooper 49*57718be8SEnji Cooper ATF_TC_BODY(setuid_perm, tc) 50*57718be8SEnji Cooper { 51*57718be8SEnji Cooper errno = 0; 52*57718be8SEnji Cooper 53*57718be8SEnji Cooper ATF_REQUIRE(setuid(0) == -1); 54*57718be8SEnji Cooper ATF_REQUIRE(errno == EPERM); 55*57718be8SEnji Cooper } 56*57718be8SEnji Cooper 57*57718be8SEnji Cooper ATF_TC(setuid_real); 58*57718be8SEnji Cooper ATF_TC_HEAD(setuid_real, tc) 59*57718be8SEnji Cooper { 60*57718be8SEnji Cooper atf_tc_set_md_var(tc, "descr", "Test setuid(2) with real UID"); 61*57718be8SEnji Cooper } 62*57718be8SEnji Cooper 63*57718be8SEnji Cooper ATF_TC_BODY(setuid_real, tc) 64*57718be8SEnji Cooper { 65*57718be8SEnji Cooper uid_t uid = getuid(); 66*57718be8SEnji Cooper 67*57718be8SEnji Cooper ATF_REQUIRE(setuid(uid) == 0); 68*57718be8SEnji Cooper 69*57718be8SEnji Cooper ATF_REQUIRE(getuid() == uid); 70*57718be8SEnji Cooper ATF_REQUIRE(geteuid() == uid); 71*57718be8SEnji Cooper } 72*57718be8SEnji Cooper 73*57718be8SEnji Cooper ATF_TC(setuid_root); 74*57718be8SEnji Cooper ATF_TC_HEAD(setuid_root, tc) 75*57718be8SEnji Cooper { 76*57718be8SEnji Cooper atf_tc_set_md_var(tc, "descr", "A basic test of setuid(2)"); 77*57718be8SEnji Cooper atf_tc_set_md_var(tc, "require.user", "root"); 78*57718be8SEnji Cooper } 79*57718be8SEnji Cooper 80*57718be8SEnji Cooper ATF_TC_BODY(setuid_root, tc) 81*57718be8SEnji Cooper { 82*57718be8SEnji Cooper struct passwd *pw; 83*57718be8SEnji Cooper int rv, sta; 84*57718be8SEnji Cooper pid_t pid; 85*57718be8SEnji Cooper uid_t uid; 86*57718be8SEnji Cooper 87*57718be8SEnji Cooper while ((pw = getpwent()) != NULL) { 88*57718be8SEnji Cooper 89*57718be8SEnji Cooper pid = fork(); 90*57718be8SEnji Cooper ATF_REQUIRE(pid >= 0); 91*57718be8SEnji Cooper 92*57718be8SEnji Cooper if (pid == 0) { 93*57718be8SEnji Cooper 94*57718be8SEnji Cooper rv = setuid(pw->pw_uid); 95*57718be8SEnji Cooper 96*57718be8SEnji Cooper if (rv != 0) 97*57718be8SEnji Cooper _exit(EXIT_FAILURE); 98*57718be8SEnji Cooper 99*57718be8SEnji Cooper uid = getuid(); 100*57718be8SEnji Cooper 101*57718be8SEnji Cooper if (uid != pw->pw_uid) 102*57718be8SEnji Cooper _exit(EXIT_FAILURE); 103*57718be8SEnji Cooper 104*57718be8SEnji Cooper _exit(EXIT_SUCCESS); 105*57718be8SEnji Cooper } 106*57718be8SEnji Cooper 107*57718be8SEnji Cooper (void)wait(&sta); 108*57718be8SEnji Cooper 109*57718be8SEnji Cooper if (WIFEXITED(sta) == 0 || WEXITSTATUS(sta) != EXIT_SUCCESS) 110*57718be8SEnji Cooper atf_tc_fail("failed to change UID to %u", pw->pw_uid); 111*57718be8SEnji Cooper } 112*57718be8SEnji Cooper } 113*57718be8SEnji Cooper 114*57718be8SEnji Cooper ATF_TP_ADD_TCS(tp) 115*57718be8SEnji Cooper { 116*57718be8SEnji Cooper 117*57718be8SEnji Cooper ATF_TP_ADD_TC(tp, setuid_perm); 118*57718be8SEnji Cooper ATF_TP_ADD_TC(tp, setuid_real); 119*57718be8SEnji Cooper ATF_TP_ADD_TC(tp, setuid_root); 120*57718be8SEnji Cooper 121*57718be8SEnji Cooper return atf_no_error(); 122*57718be8SEnji Cooper } 123