106f25ae9SGregory Neil Shapiro /* 25dd76dd0SGregory Neil Shapiro * Copyright (c) 2001 Proofpoint, Inc. and its suppliers. 340266059SGregory Neil Shapiro * All rights reserved. 440266059SGregory Neil Shapiro * 540266059SGregory Neil Shapiro * By using this file, you agree to the terms and conditions set 640266059SGregory Neil Shapiro * forth in the LICENSE file which can be found at the top level of 740266059SGregory Neil Shapiro * the sendmail distribution. 840266059SGregory Neil Shapiro * 940266059SGregory Neil Shapiro */ 1040266059SGregory Neil Shapiro 1140266059SGregory Neil Shapiro /* 1206f25ae9SGregory Neil Shapiro ** This program checks to see if your version of setuid works. 1340266059SGregory Neil Shapiro ** Compile it, make it set-user-ID root, and run it as yourself (NOT as 1406f25ae9SGregory Neil Shapiro ** root). 1506f25ae9SGregory Neil Shapiro ** 1606f25ae9SGregory Neil Shapiro ** NOTE: This should work everywhere, but Linux has the ability 1706f25ae9SGregory Neil Shapiro ** to use the undocumented setcap() call to make this break. 1806f25ae9SGregory Neil Shapiro ** 1940266059SGregory Neil Shapiro ** Compilation is trivial -- just "cc t_setuid.c". Make it set-user-ID, 2006f25ae9SGregory Neil Shapiro ** root and then execute it as a non-root user. 2106f25ae9SGregory Neil Shapiro */ 2206f25ae9SGregory Neil Shapiro 2306f25ae9SGregory Neil Shapiro #include <sys/types.h> 2406f25ae9SGregory Neil Shapiro #include <unistd.h> 2506f25ae9SGregory Neil Shapiro #include <stdio.h> 2606f25ae9SGregory Neil Shapiro 2706f25ae9SGregory Neil Shapiro #ifndef lint 28*4313cc83SGregory Neil Shapiro static char id[] = "@(#)$Id: t_setuid.c,v 8.8 2013-11-22 20:52:01 ca Exp $"; 2906f25ae9SGregory Neil Shapiro #endif /* ! lint */ 3006f25ae9SGregory Neil Shapiro 3106f25ae9SGregory Neil Shapiro static void 3206f25ae9SGregory Neil Shapiro printuids(str, r, e) 3306f25ae9SGregory Neil Shapiro char *str; 3440266059SGregory Neil Shapiro uid_t r, e; 3506f25ae9SGregory Neil Shapiro { 3640266059SGregory Neil Shapiro printf("%s (should be %d/%d): r/euid=%d/%d\n", str, (int) r, (int) e, 3740266059SGregory Neil Shapiro (int) getuid(), (int) geteuid()); 3806f25ae9SGregory Neil Shapiro } 3906f25ae9SGregory Neil Shapiro 4006f25ae9SGregory Neil Shapiro int 4106f25ae9SGregory Neil Shapiro main(argc, argv) 4206f25ae9SGregory Neil Shapiro int argc; 4306f25ae9SGregory Neil Shapiro char **argv; 4406f25ae9SGregory Neil Shapiro { 4506f25ae9SGregory Neil Shapiro int fail = 0; 4606f25ae9SGregory Neil Shapiro uid_t realuid = getuid(); 4706f25ae9SGregory Neil Shapiro 4806f25ae9SGregory Neil Shapiro printuids("initial uids", realuid, 0); 4906f25ae9SGregory Neil Shapiro 5006f25ae9SGregory Neil Shapiro if (geteuid() != 0) 5106f25ae9SGregory Neil Shapiro { 5240266059SGregory Neil Shapiro printf("SETUP ERROR: re-run set-user-ID root\n"); 5306f25ae9SGregory Neil Shapiro exit(1); 5406f25ae9SGregory Neil Shapiro } 5506f25ae9SGregory Neil Shapiro 5606f25ae9SGregory Neil Shapiro if (getuid() == 0) 5706f25ae9SGregory Neil Shapiro { 5806f25ae9SGregory Neil Shapiro printf("SETUP ERROR: must be run by a non-root user\n"); 5906f25ae9SGregory Neil Shapiro exit(1); 6006f25ae9SGregory Neil Shapiro } 6106f25ae9SGregory Neil Shapiro 6206f25ae9SGregory Neil Shapiro if (setuid(1) < 0) 6306f25ae9SGregory Neil Shapiro printf("setuid(1) failure\n"); 6406f25ae9SGregory Neil Shapiro printuids("after setuid(1)", 1, 1); 6506f25ae9SGregory Neil Shapiro 6606f25ae9SGregory Neil Shapiro if (geteuid() != 1) 6706f25ae9SGregory Neil Shapiro { 6806f25ae9SGregory Neil Shapiro fail++; 6906f25ae9SGregory Neil Shapiro printf("MAYDAY! Wrong effective uid\n"); 7006f25ae9SGregory Neil Shapiro } 7106f25ae9SGregory Neil Shapiro 7206f25ae9SGregory Neil Shapiro if (getuid() != 1) 7306f25ae9SGregory Neil Shapiro { 7406f25ae9SGregory Neil Shapiro fail++; 7506f25ae9SGregory Neil Shapiro printf("MAYDAY! Wrong real uid\n"); 7606f25ae9SGregory Neil Shapiro } 7706f25ae9SGregory Neil Shapiro 7806f25ae9SGregory Neil Shapiro 7906f25ae9SGregory Neil Shapiro /* do activity here */ 8006f25ae9SGregory Neil Shapiro if (setuid(0) == 0) 8106f25ae9SGregory Neil Shapiro { 8206f25ae9SGregory Neil Shapiro fail++; 8306f25ae9SGregory Neil Shapiro printf("MAYDAY! setuid(0) succeeded (should have failed)\n"); 8406f25ae9SGregory Neil Shapiro } 8506f25ae9SGregory Neil Shapiro else 8606f25ae9SGregory Neil Shapiro { 8706f25ae9SGregory Neil Shapiro printf("setuid(0) failed (this is correct)\n"); 8806f25ae9SGregory Neil Shapiro } 8906f25ae9SGregory Neil Shapiro printuids("after setuid(0)", 1, 1); 9006f25ae9SGregory Neil Shapiro 9106f25ae9SGregory Neil Shapiro if (geteuid() != 1) 9206f25ae9SGregory Neil Shapiro { 9306f25ae9SGregory Neil Shapiro fail++; 9406f25ae9SGregory Neil Shapiro printf("MAYDAY! Wrong effective uid\n"); 9506f25ae9SGregory Neil Shapiro } 9606f25ae9SGregory Neil Shapiro if (getuid() != 1) 9706f25ae9SGregory Neil Shapiro { 9806f25ae9SGregory Neil Shapiro fail++; 9906f25ae9SGregory Neil Shapiro printf("MAYDAY! Wrong real uid\n"); 10006f25ae9SGregory Neil Shapiro } 10106f25ae9SGregory Neil Shapiro printf("\n"); 10206f25ae9SGregory Neil Shapiro 10306f25ae9SGregory Neil Shapiro if (fail) 10406f25ae9SGregory Neil Shapiro { 10506f25ae9SGregory Neil Shapiro printf("\nThis system cannot use setuid (maybe use setreuid)\n"); 10606f25ae9SGregory Neil Shapiro exit(1); 10706f25ae9SGregory Neil Shapiro } 10806f25ae9SGregory Neil Shapiro 10906f25ae9SGregory Neil Shapiro printf("\nIt is safe to use setuid on this system\n"); 11006f25ae9SGregory Neil Shapiro exit(0); 11106f25ae9SGregory Neil Shapiro } 112