106f25ae9SGregory Neil Shapiro /*
25dd76dd0SGregory Neil Shapiro * Copyright (c) 2001 Proofpoint, Inc. and its suppliers.
340266059SGregory Neil Shapiro * All rights reserved.
440266059SGregory Neil Shapiro *
540266059SGregory Neil Shapiro * By using this file, you agree to the terms and conditions set
640266059SGregory Neil Shapiro * forth in the LICENSE file which can be found at the top level of
740266059SGregory Neil Shapiro * the sendmail distribution.
840266059SGregory Neil Shapiro *
940266059SGregory Neil Shapiro */
1040266059SGregory Neil Shapiro
1140266059SGregory Neil Shapiro /*
1206f25ae9SGregory Neil Shapiro ** This program checks to see if your version of setuid works.
1340266059SGregory Neil Shapiro ** Compile it, make it set-user-ID root, and run it as yourself (NOT as
1406f25ae9SGregory Neil Shapiro ** root).
1506f25ae9SGregory Neil Shapiro **
1606f25ae9SGregory Neil Shapiro ** NOTE: This should work everywhere, but Linux has the ability
1706f25ae9SGregory Neil Shapiro ** to use the undocumented setcap() call to make this break.
1806f25ae9SGregory Neil Shapiro **
1940266059SGregory Neil Shapiro ** Compilation is trivial -- just "cc t_setuid.c". Make it set-user-ID,
2006f25ae9SGregory Neil Shapiro ** root and then execute it as a non-root user.
2106f25ae9SGregory Neil Shapiro */
2206f25ae9SGregory Neil Shapiro
2306f25ae9SGregory Neil Shapiro #include <sys/types.h>
2406f25ae9SGregory Neil Shapiro #include <unistd.h>
2506f25ae9SGregory Neil Shapiro #include <stdio.h>
26*2fb4f839SGregory Neil Shapiro #include <stdlib.h>
2706f25ae9SGregory Neil Shapiro
2806f25ae9SGregory Neil Shapiro #ifndef lint
294313cc83SGregory Neil Shapiro static char id[] = "@(#)$Id: t_setuid.c,v 8.8 2013-11-22 20:52:01 ca Exp $";
30*2fb4f839SGregory Neil Shapiro #endif
3106f25ae9SGregory Neil Shapiro
3206f25ae9SGregory Neil Shapiro static void
printuids(str,r,e)3306f25ae9SGregory Neil Shapiro printuids(str, r, e)
3406f25ae9SGregory Neil Shapiro char *str;
3540266059SGregory Neil Shapiro uid_t r, e;
3606f25ae9SGregory Neil Shapiro {
3740266059SGregory Neil Shapiro printf("%s (should be %d/%d): r/euid=%d/%d\n", str, (int) r, (int) e,
3840266059SGregory Neil Shapiro (int) getuid(), (int) geteuid());
3906f25ae9SGregory Neil Shapiro }
4006f25ae9SGregory Neil Shapiro
4106f25ae9SGregory Neil Shapiro int
main(argc,argv)4206f25ae9SGregory Neil Shapiro main(argc, argv)
4306f25ae9SGregory Neil Shapiro int argc;
4406f25ae9SGregory Neil Shapiro char **argv;
4506f25ae9SGregory Neil Shapiro {
4606f25ae9SGregory Neil Shapiro int fail = 0;
4706f25ae9SGregory Neil Shapiro uid_t realuid = getuid();
4806f25ae9SGregory Neil Shapiro
4906f25ae9SGregory Neil Shapiro printuids("initial uids", realuid, 0);
5006f25ae9SGregory Neil Shapiro
5106f25ae9SGregory Neil Shapiro if (geteuid() != 0)
5206f25ae9SGregory Neil Shapiro {
5340266059SGregory Neil Shapiro printf("SETUP ERROR: re-run set-user-ID root\n");
5406f25ae9SGregory Neil Shapiro exit(1);
5506f25ae9SGregory Neil Shapiro }
5606f25ae9SGregory Neil Shapiro
5706f25ae9SGregory Neil Shapiro if (getuid() == 0)
5806f25ae9SGregory Neil Shapiro {
5906f25ae9SGregory Neil Shapiro printf("SETUP ERROR: must be run by a non-root user\n");
6006f25ae9SGregory Neil Shapiro exit(1);
6106f25ae9SGregory Neil Shapiro }
6206f25ae9SGregory Neil Shapiro
6306f25ae9SGregory Neil Shapiro if (setuid(1) < 0)
6406f25ae9SGregory Neil Shapiro printf("setuid(1) failure\n");
6506f25ae9SGregory Neil Shapiro printuids("after setuid(1)", 1, 1);
6606f25ae9SGregory Neil Shapiro
6706f25ae9SGregory Neil Shapiro if (geteuid() != 1)
6806f25ae9SGregory Neil Shapiro {
6906f25ae9SGregory Neil Shapiro fail++;
7006f25ae9SGregory Neil Shapiro printf("MAYDAY! Wrong effective uid\n");
7106f25ae9SGregory Neil Shapiro }
7206f25ae9SGregory Neil Shapiro
7306f25ae9SGregory Neil Shapiro if (getuid() != 1)
7406f25ae9SGregory Neil Shapiro {
7506f25ae9SGregory Neil Shapiro fail++;
7606f25ae9SGregory Neil Shapiro printf("MAYDAY! Wrong real uid\n");
7706f25ae9SGregory Neil Shapiro }
7806f25ae9SGregory Neil Shapiro
7906f25ae9SGregory Neil Shapiro
8006f25ae9SGregory Neil Shapiro /* do activity here */
8106f25ae9SGregory Neil Shapiro if (setuid(0) == 0)
8206f25ae9SGregory Neil Shapiro {
8306f25ae9SGregory Neil Shapiro fail++;
8406f25ae9SGregory Neil Shapiro printf("MAYDAY! setuid(0) succeeded (should have failed)\n");
8506f25ae9SGregory Neil Shapiro }
8606f25ae9SGregory Neil Shapiro else
8706f25ae9SGregory Neil Shapiro {
8806f25ae9SGregory Neil Shapiro printf("setuid(0) failed (this is correct)\n");
8906f25ae9SGregory Neil Shapiro }
9006f25ae9SGregory Neil Shapiro printuids("after setuid(0)", 1, 1);
9106f25ae9SGregory Neil Shapiro
9206f25ae9SGregory Neil Shapiro if (geteuid() != 1)
9306f25ae9SGregory Neil Shapiro {
9406f25ae9SGregory Neil Shapiro fail++;
9506f25ae9SGregory Neil Shapiro printf("MAYDAY! Wrong effective uid\n");
9606f25ae9SGregory Neil Shapiro }
9706f25ae9SGregory Neil Shapiro if (getuid() != 1)
9806f25ae9SGregory Neil Shapiro {
9906f25ae9SGregory Neil Shapiro fail++;
10006f25ae9SGregory Neil Shapiro printf("MAYDAY! Wrong real uid\n");
10106f25ae9SGregory Neil Shapiro }
10206f25ae9SGregory Neil Shapiro printf("\n");
10306f25ae9SGregory Neil Shapiro
10406f25ae9SGregory Neil Shapiro if (fail)
10506f25ae9SGregory Neil Shapiro {
10606f25ae9SGregory Neil Shapiro printf("\nThis system cannot use setuid (maybe use setreuid)\n");
10706f25ae9SGregory Neil Shapiro exit(1);
10806f25ae9SGregory Neil Shapiro }
10906f25ae9SGregory Neil Shapiro
11006f25ae9SGregory Neil Shapiro printf("\nIt is safe to use setuid on this system\n");
11106f25ae9SGregory Neil Shapiro exit(0);
11206f25ae9SGregory Neil Shapiro }
113