1 /*- 2 * Copyright (c) 2006 nCircle Network Security, Inc. 3 * All rights reserved. 4 * 5 * This software was developed by Robert N. M. Watson for the TrustedBSD 6 * Project under contract to nCircle Network Security, Inc. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY, 21 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 23 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 24 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 25 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 26 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 */ 31 32 /* 33 * Test that sysctls can only be written with privilege by trying first with, 34 * then without privilege. Do this by first reading, then setting the 35 * hostname as a no-op. 36 */ 37 38 #include <sys/types.h> 39 #include <sys/sysctl.h> 40 41 #include <err.h> 42 #include <errno.h> 43 #include <string.h> 44 #include <unistd.h> 45 46 #include "main.h" 47 48 #define KERN_HOSTNAME_STRING "kern.hostname" 49 50 void 51 priv_sysctl_write(void) 52 { 53 char buffer[1024]; 54 size_t len; 55 int error; 56 57 assert_root(); 58 59 /* 60 * First query the current value. 61 */ 62 len = sizeof(buffer); 63 error = sysctlbyname(KERN_HOSTNAME_STRING, buffer, &len, NULL, 0); 64 if (error) 65 err(-1, "sysctlbyname(\"%s\") query", KERN_HOSTNAME_STRING); 66 67 /* 68 * Now try to set with privilege. 69 */ 70 error = sysctlbyname(KERN_HOSTNAME_STRING, NULL, NULL, buffer, 71 strlen(buffer)); 72 if (error) 73 err(-1, "sysctlbyname(\"%s\") set as root", 74 KERN_HOSTNAME_STRING); 75 76 /* 77 * Now without privilege. 78 */ 79 set_euid(UID_OTHER); 80 81 error = sysctlbyname(KERN_HOSTNAME_STRING, NULL, NULL, buffer, 82 strlen(buffer)); 83 if (error == 0) 84 errx(-1, "sysctlbyname(\"%s\") succeeded as !root", 85 KERN_HOSTNAME_STRING); 86 if (errno != EPERM) 87 err(-1, "sysctlbyname(\"%s\") wrong errno %d", 88 KERN_HOSTNAME_STRING, errno); 89 } 90