/*
 * Copyright (c) 2001 Proofpoint, Inc. and its suppliers.
 *	All rights reserved.
 *
 * By using this file, you agree to the terms and conditions set
 * forth in the LICENSE file which can be found at the top level of
 * the sendmail distribution.
 *
 */
1040266059SGregory Neil Shapiro
/*
**  This program checks to see if your version of setgid works.
**  Compile it, make it set-group-ID guest, and run it as yourself (NOT as
**  root and not as a member of the group guest).  A privileged process may
**  change its group IDs at will, so the check that the dropped group
**  cannot be regained is only meaningful for an unprivileged user.
**
**  Compilation is trivial -- just "cc t_dropgid.c".  Make it set-group-ID
**  guest and then execute it as a non-root user.
*/
1940266059SGregory Neil Shapiro
2040266059SGregory Neil Shapiro #include <sys/types.h>
2140266059SGregory Neil Shapiro #include <unistd.h>
2240266059SGregory Neil Shapiro #include <stdio.h>
23*2fb4f839SGregory Neil Shapiro #include <stdlib.h>
2440266059SGregory Neil Shapiro
#ifndef lint
/*
**  Revision string compiled into the binary: the "@(#)" prefix is the
**  marker what(1) searches for and the rest is an expanded RCS Id keyword.
**  Nothing in this program reads it.
*/
static char id[] = "@(#)$Id: t_dropgid.c,v 1.7 2013-11-22 20:52:01 ca Exp $";
#endif
2840266059SGregory Neil Shapiro
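/*
**  PRINTGIDS -- print the expected and the current real/effective gid.
**
**	Parameters:
**		str -- label for this checkpoint.
**		r -- real gid the caller expects at this point.
**		e -- effective gid the caller expects at this point.
**
**	Returns:
**		none.
**
**	Side Effects:
**		writes one line to stdout.
**
**	Note: every gid is cast to int for "%d", so a gid_t value that
**	does not fit in an int is shown as a different (typically
**	negative) number.  Compare the printed pairs, not their sign.
*/

static void
printgids(const char *str, gid_t r, gid_t e)
{
	printf("%s (should be %d/%d): r/egid=%d/%d\n", str, (int) r, (int) e,
	       (int) getgid(), (int) getegid());
}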
3740266059SGregory Neil Shapiro
/*
**  SETGIDCALL is only the function name printed in the final verdict.
**  Define only one of HASSETEGID, HASSETREGID and HASSETRESGID: main()
**  runs every call enabled here and then setgid(), so with more than one
**  defined the verdict no longer identifies which call dropped the group
**  (and SETGIDCALL would be redefined with a different value).
*/
#if HASSETEGID
# define SETGIDCALL	"setegid"
#endif
#if HASSETREGID
# define SETGIDCALL	"setregid"
#endif
#if HASSETRESGID
# define SETGIDCALL	"setresgid"
#endif

/* none of the optional calls was selected: plain setgid() is under test */
#ifndef SETGIDCALL
# define SETGIDCALL	"setgid"
#endif
5240266059SGregory Neil Shapiro
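/*
**  MAIN -- check that set-group-ID rights can be given up for good.
**
**	Records the real and effective gid at startup, calls each
**	group-ID-setting function enabled at compile time and then
**	setgid(), always with the real gid, and verifies that
**	  - the real and the effective gid both equal the original
**	    real gid, and
**	  - a later setgid() back to the original effective gid is
**	    rejected.
**	The saved set-group-ID cannot be read back portably; the
**	rejected setgid() is the evidence that it was cleared as well.
**
**	Supplementary groups are not examined here: none of the calls
**	below changes them and the program never calls getgroups().
**
**	Parameters:
**		argc -- argument count.
**		argv -- argument vector; argv[0] is used only in the
**			setup instructions.
**
**	Returns:
**		does not return; exits 0 if the drop was complete and
**		could not be undone, 1 on a setup error or a failed check.
*/

int
main(int argc, char **argv)
{
	int fail = 0;
	int res;
	gid_t realgid = getgid();
	gid_t effgid = getegid();
	const char *prg = "t_dropgid";

	/*
	**  The argument vector is supplied by whoever executes this
	**  set-group-ID binary and may be empty; never pass a null
	**  argv[0] to printf("%s").
	*/

	if (argc > 0 && argv != NULL && argv[0] != NULL)
		prg = argv[0];

	printgids("initial gids", realgid, effgid);

	if (effgid == realgid)
	{
		/* nothing to drop: the binary is not running set-group-ID */
		printf("SETUP ERROR: re-run set-group-ID guest\n");
		printf("Use chgrp(1) and chmod(1)\n");
		printf("For example, do this as root ");
		printf("(nobody is the name of a group in this example):\n");
		printf("# chgrp nobody %s\n", prg);
		/* chmod(1) takes a mode and files only, no group name */
		printf("# chmod g+s %s\n", prg);
		exit(1);
	}

	/*
	**  The return values are only reported here; the verdict is based
	**  on the ids the kernel reports afterwards, checked below.
	*/

#if HASSETREGID
	res = setregid(realgid, realgid);
	printf("setregid(%d)=%d %s\n", (int) realgid, res,
		res < 0 ? "failure" : "ok");
	printgids("after setregid()", realgid, realgid);
#endif /* HASSETREGID */
#if HASSETRESGID
	res = setresgid(realgid, realgid, realgid);
	printf("setresgid(%d)=%d %s\n", (int) realgid, res,
		res < 0 ? "failure" : "ok");
	printgids("after setresgid()", realgid, realgid);
#endif /* HASSETRESGID */
#if HASSETEGID
	res = setegid(realgid);
	printf("setegid(%d)=%d %s\n", (int) realgid, res,
		res < 0 ? "failure" : "ok");
	printgids("after setegid()", realgid, realgid);
#endif /* HASSETEGID */
	res = setgid(realgid);
	printf("setgid(%d)=%d %s\n", (int) realgid, res,
		res < 0 ? "failure" : "ok");
	printgids("after setgid()", realgid, realgid);

	if (getegid() != realgid)
	{
		fail++;
		printf("MAYDAY! Wrong effective gid\n");
	}

	if (getgid() != realgid)
	{
		fail++;
		printf("MAYDAY! Wrong real gid\n");
	}

	/* do activity here */

	/*
	**  Try to take the group back.  Success means the old effective
	**  gid is still available to the process, i.e. the drop above
	**  was only temporary.
	*/

	if (setgid(effgid) == 0)
	{
		fail++;
		printf("MAYDAY! setgid(%d) succeeded (should have failed)\n",
			(int) effgid);
	}
	else
	{
		printf("setgid(%d) failed (this is correct)\n", (int) effgid);
	}
	printgids("after setgid() to egid", realgid, realgid);

	/* the attempt above must not have changed either id */
	if (getegid() != realgid)
	{
		fail++;
		printf("MAYDAY! Wrong effective gid\n");
	}
	if (getgid() != realgid)
	{
		fail++;
		printf("MAYDAY! Wrong real gid\n");
	}
	printf("\n");

	if (fail > 0)
	{
		printf("\nThis system cannot use %s to give up set-group-ID rights\n",
			SETGIDCALL);
#if !HASSETEGID
		printf("Maybe compile with -DHASSETEGID and try again\n");
#endif
#if !HASSETREGID
		printf("Maybe compile with -DHASSETREGID and try again\n");
#endif
#if !HASSETRESGID
		printf("Maybe compile with -DHASSETRESGID and try again\n");
#endif
		exit(1);
	}

	printf("\nIt is possible to use %s on this system\n", SETGIDCALL);
	exit(0);
}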