140266059SGregory Neil Shapiro /*
25dd76dd0SGregory Neil Shapiro * Copyright (c) 2001 Proofpoint, Inc. and its suppliers.
340266059SGregory Neil Shapiro * All rights reserved.
440266059SGregory Neil Shapiro *
540266059SGregory Neil Shapiro * By using this file, you agree to the terms and conditions set
640266059SGregory Neil Shapiro * forth in the LICENSE file which can be found at the top level of
740266059SGregory Neil Shapiro * the sendmail distribution.
840266059SGregory Neil Shapiro *
940266059SGregory Neil Shapiro */
1040266059SGregory Neil Shapiro
1140266059SGregory Neil Shapiro /*
1240266059SGregory Neil Shapiro ** This program checks to see if your version of setgid works.
1340266059SGregory Neil Shapiro ** Compile it, make it set-group-ID guest, and run it as yourself (NOT as
1440266059SGregory Neil Shapiro ** root and not as member of the group guest).
1540266059SGregory Neil Shapiro **
1640266059SGregory Neil Shapiro ** Compilation is trivial -- just "cc t_setgid.c". Make it set-group-ID,
1740266059SGregory Neil Shapiro ** guest and then execute it as a non-root user.
1840266059SGregory Neil Shapiro */
1940266059SGregory Neil Shapiro
2040266059SGregory Neil Shapiro #include <sys/types.h>
2140266059SGregory Neil Shapiro #include <unistd.h>
2240266059SGregory Neil Shapiro #include <stdio.h>
23*2fb4f839SGregory Neil Shapiro #include <stdlib.h>
2440266059SGregory Neil Shapiro
2540266059SGregory Neil Shapiro #ifndef lint
264313cc83SGregory Neil Shapiro static char id[] = "@(#)$Id: t_setgid.c,v 1.7 2013-11-22 20:52:01 ca Exp $";
27*2fb4f839SGregory Neil Shapiro #endif
2840266059SGregory Neil Shapiro
2940266059SGregory Neil Shapiro static void
printgids(str,r,e)3040266059SGregory Neil Shapiro printgids(str, r, e)
3140266059SGregory Neil Shapiro char *str;
3240266059SGregory Neil Shapiro gid_t r, e;
3340266059SGregory Neil Shapiro {
3440266059SGregory Neil Shapiro printf("%s (should be %d/%d): r/egid=%d/%d\n", str, (int) r, (int) e,
3540266059SGregory Neil Shapiro (int) getgid(), (int) getegid());
3640266059SGregory Neil Shapiro }
3740266059SGregory Neil Shapiro
3840266059SGregory Neil Shapiro int
main(argc,argv)3940266059SGregory Neil Shapiro main(argc, argv)
4040266059SGregory Neil Shapiro int argc;
4140266059SGregory Neil Shapiro char **argv;
4240266059SGregory Neil Shapiro {
4340266059SGregory Neil Shapiro int fail = 0;
4440266059SGregory Neil Shapiro int res;
4540266059SGregory Neil Shapiro gid_t realgid = getgid();
4640266059SGregory Neil Shapiro gid_t effgid = getegid();
4740266059SGregory Neil Shapiro
4840266059SGregory Neil Shapiro printgids("initial gids", realgid, effgid);
4940266059SGregory Neil Shapiro
5040266059SGregory Neil Shapiro if (effgid == realgid)
5140266059SGregory Neil Shapiro {
5240266059SGregory Neil Shapiro printf("SETUP ERROR: re-run set-group-ID guest\n");
5340266059SGregory Neil Shapiro exit(1);
5440266059SGregory Neil Shapiro }
5540266059SGregory Neil Shapiro
5640266059SGregory Neil Shapiro #if SM_CONF_SETREGID
5740266059SGregory Neil Shapiro res = setregid(effgid, effgid);
58*2fb4f839SGregory Neil Shapiro #else
5940266059SGregory Neil Shapiro res = setgid(effgid);
60*2fb4f839SGregory Neil Shapiro #endif
6140266059SGregory Neil Shapiro
6240266059SGregory Neil Shapiro printf("setgid(%d)=%d %s\n", (int) effgid, res,
6340266059SGregory Neil Shapiro res < 0 ? "failure" : "ok");
6440266059SGregory Neil Shapiro #if SM_CONF_SETREGID
6540266059SGregory Neil Shapiro printgids("after setregid()", effgid, effgid);
66*2fb4f839SGregory Neil Shapiro #else
6740266059SGregory Neil Shapiro printgids("after setgid()", effgid, effgid);
68*2fb4f839SGregory Neil Shapiro #endif
6940266059SGregory Neil Shapiro
7040266059SGregory Neil Shapiro if (getegid() != effgid)
7140266059SGregory Neil Shapiro {
7240266059SGregory Neil Shapiro fail++;
7340266059SGregory Neil Shapiro printf("MAYDAY! Wrong effective gid\n");
7440266059SGregory Neil Shapiro }
7540266059SGregory Neil Shapiro
7640266059SGregory Neil Shapiro if (getgid() != effgid)
7740266059SGregory Neil Shapiro {
7840266059SGregory Neil Shapiro fail++;
7940266059SGregory Neil Shapiro printf("MAYDAY! Wrong real gid\n");
8040266059SGregory Neil Shapiro }
8140266059SGregory Neil Shapiro
8240266059SGregory Neil Shapiro /* do activity here */
8340266059SGregory Neil Shapiro if (setgid(0) == 0)
8440266059SGregory Neil Shapiro {
8540266059SGregory Neil Shapiro fail++;
8640266059SGregory Neil Shapiro printf("MAYDAY! setgid(0) succeeded (should have failed)\n");
8740266059SGregory Neil Shapiro }
8840266059SGregory Neil Shapiro else
8940266059SGregory Neil Shapiro {
9040266059SGregory Neil Shapiro printf("setgid(0) failed (this is correct)\n");
9140266059SGregory Neil Shapiro }
9240266059SGregory Neil Shapiro printgids("after setgid(0)", effgid, effgid);
9340266059SGregory Neil Shapiro
9440266059SGregory Neil Shapiro if (getegid() != effgid)
9540266059SGregory Neil Shapiro {
9640266059SGregory Neil Shapiro fail++;
9740266059SGregory Neil Shapiro printf("MAYDAY! Wrong effective gid\n");
9840266059SGregory Neil Shapiro }
9940266059SGregory Neil Shapiro if (getgid() != effgid)
10040266059SGregory Neil Shapiro {
10140266059SGregory Neil Shapiro fail++;
10240266059SGregory Neil Shapiro printf("MAYDAY! Wrong real gid\n");
10340266059SGregory Neil Shapiro }
10440266059SGregory Neil Shapiro printf("\n");
10540266059SGregory Neil Shapiro
10640266059SGregory Neil Shapiro if (fail > 0)
10740266059SGregory Neil Shapiro {
10840266059SGregory Neil Shapiro printf("\nThis system cannot use %s to set the real gid to the effective gid\nand clear the saved gid.\n",
10940266059SGregory Neil Shapiro #if SM_CONF_SETREGID
11040266059SGregory Neil Shapiro "setregid"
111*2fb4f839SGregory Neil Shapiro #else
11240266059SGregory Neil Shapiro "setgid"
113*2fb4f839SGregory Neil Shapiro #endif
11440266059SGregory Neil Shapiro );
11540266059SGregory Neil Shapiro exit(1);
11640266059SGregory Neil Shapiro }
11740266059SGregory Neil Shapiro
11840266059SGregory Neil Shapiro printf("\nIt is possible to use setgid on this system\n");
11940266059SGregory Neil Shapiro exit(0);
12040266059SGregory Neil Shapiro }
121