xref: /freebsd/tools/regression/priv/priv_sysctl_write.c (revision 9fa5f6b4b9580e7fd6829e3f4a267499d0ad3af1) 
19fa5f6b4SRobert Watson /*-
29fa5f6b4SRobert Watson  * Copyright (c) 2006 nCircle Network Security, Inc.
39fa5f6b4SRobert Watson  * All rights reserved.
49fa5f6b4SRobert Watson  *
59fa5f6b4SRobert Watson  * This software was developed by Robert N. M. Watson for the TrustedBSD
69fa5f6b4SRobert Watson  * Project under contract to nCircle Network Security, Inc.
79fa5f6b4SRobert Watson  *
89fa5f6b4SRobert Watson  * Redistribution and use in source and binary forms, with or without
99fa5f6b4SRobert Watson  * modification, are permitted provided that the following conditions
109fa5f6b4SRobert Watson  * are met:
119fa5f6b4SRobert Watson  * 1. Redistributions of source code must retain the above copyright
129fa5f6b4SRobert Watson  *    notice, this list of conditions and the following disclaimer.
139fa5f6b4SRobert Watson  * 2. Redistributions in binary form must reproduce the above copyright
149fa5f6b4SRobert Watson  *    notice, this list of conditions and the following disclaimer in the
159fa5f6b4SRobert Watson  *    documentation and/or other materials provided with the distribution.
169fa5f6b4SRobert Watson  *
179fa5f6b4SRobert Watson  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
189fa5f6b4SRobert Watson  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
199fa5f6b4SRobert Watson  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
209fa5f6b4SRobert Watson  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
219fa5f6b4SRobert Watson  * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
229fa5f6b4SRobert Watson  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
239fa5f6b4SRobert Watson  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
249fa5f6b4SRobert Watson  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
259fa5f6b4SRobert Watson  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
269fa5f6b4SRobert Watson  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
279fa5f6b4SRobert Watson  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
289fa5f6b4SRobert Watson  *
299fa5f6b4SRobert Watson  * $FreeBSD$
309fa5f6b4SRobert Watson  */
319fa5f6b4SRobert Watson 
329fa5f6b4SRobert Watson /*
339fa5f6b4SRobert Watson  * Test that sysctls can only be written with privilege by trying first with,
349fa5f6b4SRobert Watson  * then without privilege.  Do this by first reading, then setting the
359fa5f6b4SRobert Watson  * hostname as a no-op.
369fa5f6b4SRobert Watson  */
379fa5f6b4SRobert Watson 
389fa5f6b4SRobert Watson #include <sys/types.h>
399fa5f6b4SRobert Watson #include <sys/sysctl.h>
409fa5f6b4SRobert Watson 
419fa5f6b4SRobert Watson #include <err.h>
429fa5f6b4SRobert Watson #include <errno.h>
439fa5f6b4SRobert Watson #include <string.h>
449fa5f6b4SRobert Watson #include <unistd.h>
459fa5f6b4SRobert Watson 
469fa5f6b4SRobert Watson #include "main.h"
479fa5f6b4SRobert Watson 
489fa5f6b4SRobert Watson #define KERN_HOSTNAME_STRING	"kern.hostname"
499fa5f6b4SRobert Watson 
509fa5f6b4SRobert Watson void
519fa5f6b4SRobert Watson priv_sysctl_write(void)
529fa5f6b4SRobert Watson {
539fa5f6b4SRobert Watson 	char buffer[1024];
549fa5f6b4SRobert Watson 	size_t len;
559fa5f6b4SRobert Watson 	int error;
569fa5f6b4SRobert Watson 
579fa5f6b4SRobert Watson 	assert_root();
589fa5f6b4SRobert Watson 
599fa5f6b4SRobert Watson 	/*
609fa5f6b4SRobert Watson 	 * First query the current value.
619fa5f6b4SRobert Watson 	 */
629fa5f6b4SRobert Watson 	len = sizeof(buffer);
639fa5f6b4SRobert Watson 	error = sysctlbyname(KERN_HOSTNAME_STRING, buffer, &len, NULL, 0);
649fa5f6b4SRobert Watson 	if (error)
659fa5f6b4SRobert Watson 		err(-1, "sysctlbyname(\"%s\") query", KERN_HOSTNAME_STRING);
669fa5f6b4SRobert Watson 
679fa5f6b4SRobert Watson 	/*
689fa5f6b4SRobert Watson 	 * Now try to set with privilege.
699fa5f6b4SRobert Watson 	 */
709fa5f6b4SRobert Watson 	error = sysctlbyname(KERN_HOSTNAME_STRING, NULL, NULL, buffer,
719fa5f6b4SRobert Watson 	    strlen(buffer));
729fa5f6b4SRobert Watson 	if (error)
739fa5f6b4SRobert Watson 		err(-1, "sysctlbyname(\"%s\") set as root",
749fa5f6b4SRobert Watson 		    KERN_HOSTNAME_STRING);
759fa5f6b4SRobert Watson 
769fa5f6b4SRobert Watson 	/*
779fa5f6b4SRobert Watson 	 * Now without privilege.
789fa5f6b4SRobert Watson 	 */
799fa5f6b4SRobert Watson 	set_euid(UID_OTHER);
809fa5f6b4SRobert Watson 
819fa5f6b4SRobert Watson 	error = sysctlbyname(KERN_HOSTNAME_STRING, NULL, NULL, buffer,
829fa5f6b4SRobert Watson 	    strlen(buffer));
839fa5f6b4SRobert Watson 	if (error == 0)
849fa5f6b4SRobert Watson 		errx(-1, "sysctlbyname(\"%s\") succeeded as !root",
859fa5f6b4SRobert Watson 		    KERN_HOSTNAME_STRING);
869fa5f6b4SRobert Watson 	if (errno != EPERM)
879fa5f6b4SRobert Watson 		err(-1, "sysctlbyname(\"%s\") wrong errno %d",
889fa5f6b4SRobert Watson 		    KERN_HOSTNAME_STRING, errno);
899fa5f6b4SRobert Watson }
90