xref: /freebsd/contrib/sendmail/test/t_setuid.c (revision 4026605903c0ab8df33c4ae8c419acdb2b652af8)
106f25ae9SGregory Neil Shapiro /*
240266059SGregory Neil Shapiro  * Copyright (c) 2001 Sendmail, Inc. and its suppliers.
340266059SGregory Neil Shapiro  *	All rights reserved.
440266059SGregory Neil Shapiro  *
540266059SGregory Neil Shapiro  * By using this file, you agree to the terms and conditions set
640266059SGregory Neil Shapiro  * forth in the LICENSE file which can be found at the top level of
740266059SGregory Neil Shapiro  * the sendmail distribution.
840266059SGregory Neil Shapiro  *
940266059SGregory Neil Shapiro  */
1040266059SGregory Neil Shapiro 
1140266059SGregory Neil Shapiro /*
1206f25ae9SGregory Neil Shapiro **  This program checks to see if your version of setuid works.
1340266059SGregory Neil Shapiro **  Compile it, make it set-user-ID root, and run it as yourself (NOT as
1406f25ae9SGregory Neil Shapiro **  root).
1506f25ae9SGregory Neil Shapiro **
1606f25ae9SGregory Neil Shapiro **	NOTE:  This should work everywhere, but Linux has the ability
1706f25ae9SGregory Neil Shapiro **	to use the undocumented setcap() call to make this break.
1806f25ae9SGregory Neil Shapiro **
1940266059SGregory Neil Shapiro **  Compilation is trivial -- just "cc t_setuid.c".  Make it set-user-ID,
2006f25ae9SGregory Neil Shapiro **  root and then execute it as a non-root user.
2106f25ae9SGregory Neil Shapiro */
2206f25ae9SGregory Neil Shapiro 
2306f25ae9SGregory Neil Shapiro #include <sys/types.h>
2406f25ae9SGregory Neil Shapiro #include <unistd.h>
2506f25ae9SGregory Neil Shapiro #include <stdio.h>
2606f25ae9SGregory Neil Shapiro 
2706f25ae9SGregory Neil Shapiro #ifndef lint
2840266059SGregory Neil Shapiro static char id[] = "@(#)$Id: t_setuid.c,v 8.7 2001/09/23 03:35:41 ca Exp $";
2906f25ae9SGregory Neil Shapiro #endif /* ! lint */
3006f25ae9SGregory Neil Shapiro 
3106f25ae9SGregory Neil Shapiro static void
3206f25ae9SGregory Neil Shapiro printuids(str, r, e)
3306f25ae9SGregory Neil Shapiro 	char *str;
3440266059SGregory Neil Shapiro 	uid_t r, e;
3506f25ae9SGregory Neil Shapiro {
3640266059SGregory Neil Shapiro 	printf("%s (should be %d/%d): r/euid=%d/%d\n", str, (int) r, (int) e,
3740266059SGregory Neil Shapiro 	       (int) getuid(), (int) geteuid());
3806f25ae9SGregory Neil Shapiro }
3906f25ae9SGregory Neil Shapiro 
4006f25ae9SGregory Neil Shapiro int
4106f25ae9SGregory Neil Shapiro main(argc, argv)
4206f25ae9SGregory Neil Shapiro 	int argc;
4306f25ae9SGregory Neil Shapiro 	char **argv;
4406f25ae9SGregory Neil Shapiro {
4506f25ae9SGregory Neil Shapiro 	int fail = 0;
4606f25ae9SGregory Neil Shapiro 	uid_t realuid = getuid();
4706f25ae9SGregory Neil Shapiro 
4806f25ae9SGregory Neil Shapiro 	printuids("initial uids", realuid, 0);
4906f25ae9SGregory Neil Shapiro 
5006f25ae9SGregory Neil Shapiro 	if (geteuid() != 0)
5106f25ae9SGregory Neil Shapiro 	{
5240266059SGregory Neil Shapiro 		printf("SETUP ERROR: re-run set-user-ID root\n");
5306f25ae9SGregory Neil Shapiro 		exit(1);
5406f25ae9SGregory Neil Shapiro 	}
5506f25ae9SGregory Neil Shapiro 
5606f25ae9SGregory Neil Shapiro 	if (getuid() == 0)
5706f25ae9SGregory Neil Shapiro 	{
5806f25ae9SGregory Neil Shapiro 		printf("SETUP ERROR: must be run by a non-root user\n");
5906f25ae9SGregory Neil Shapiro 		exit(1);
6006f25ae9SGregory Neil Shapiro 	}
6106f25ae9SGregory Neil Shapiro 
6206f25ae9SGregory Neil Shapiro 	if (setuid(1) < 0)
6306f25ae9SGregory Neil Shapiro 		printf("setuid(1) failure\n");
6406f25ae9SGregory Neil Shapiro 	printuids("after setuid(1)", 1, 1);
6506f25ae9SGregory Neil Shapiro 
6606f25ae9SGregory Neil Shapiro 	if (geteuid() != 1)
6706f25ae9SGregory Neil Shapiro 	{
6806f25ae9SGregory Neil Shapiro 		fail++;
6906f25ae9SGregory Neil Shapiro 		printf("MAYDAY!  Wrong effective uid\n");
7006f25ae9SGregory Neil Shapiro 	}
7106f25ae9SGregory Neil Shapiro 
7206f25ae9SGregory Neil Shapiro 	if (getuid() != 1)
7306f25ae9SGregory Neil Shapiro 	{
7406f25ae9SGregory Neil Shapiro 		fail++;
7506f25ae9SGregory Neil Shapiro 		printf("MAYDAY!  Wrong real uid\n");
7606f25ae9SGregory Neil Shapiro 	}
7706f25ae9SGregory Neil Shapiro 
7806f25ae9SGregory Neil Shapiro 
7906f25ae9SGregory Neil Shapiro 	/* do activity here */
8006f25ae9SGregory Neil Shapiro 	if (setuid(0) == 0)
8106f25ae9SGregory Neil Shapiro 	{
8206f25ae9SGregory Neil Shapiro 		fail++;
8306f25ae9SGregory Neil Shapiro 		printf("MAYDAY!  setuid(0) succeeded (should have failed)\n");
8406f25ae9SGregory Neil Shapiro 	}
8506f25ae9SGregory Neil Shapiro 	else
8606f25ae9SGregory Neil Shapiro 	{
8706f25ae9SGregory Neil Shapiro 		printf("setuid(0) failed (this is correct)\n");
8806f25ae9SGregory Neil Shapiro 	}
8906f25ae9SGregory Neil Shapiro 	printuids("after setuid(0)", 1, 1);
9006f25ae9SGregory Neil Shapiro 
9106f25ae9SGregory Neil Shapiro 	if (geteuid() != 1)
9206f25ae9SGregory Neil Shapiro 	{
9306f25ae9SGregory Neil Shapiro 		fail++;
9406f25ae9SGregory Neil Shapiro 		printf("MAYDAY!  Wrong effective uid\n");
9506f25ae9SGregory Neil Shapiro 	}
9606f25ae9SGregory Neil Shapiro 	if (getuid() != 1)
9706f25ae9SGregory Neil Shapiro 	{
9806f25ae9SGregory Neil Shapiro 		fail++;
9906f25ae9SGregory Neil Shapiro 		printf("MAYDAY!  Wrong real uid\n");
10006f25ae9SGregory Neil Shapiro 	}
10106f25ae9SGregory Neil Shapiro 	printf("\n");
10206f25ae9SGregory Neil Shapiro 
10306f25ae9SGregory Neil Shapiro 	if (fail)
10406f25ae9SGregory Neil Shapiro 	{
10506f25ae9SGregory Neil Shapiro 		printf("\nThis system cannot use setuid (maybe use setreuid)\n");
10606f25ae9SGregory Neil Shapiro 		exit(1);
10706f25ae9SGregory Neil Shapiro 	}
10806f25ae9SGregory Neil Shapiro 
10906f25ae9SGregory Neil Shapiro 	printf("\nIt is safe to use setuid on this system\n");
11006f25ae9SGregory Neil Shapiro 	exit(0);
11106f25ae9SGregory Neil Shapiro }
112