1 /*-
2 * Copyright (c) 2006 nCircle Network Security, Inc.
3 * Copyright (c) 2007 Robert M. M. Watson
4 * All rights reserved.
5 *
6 * This software was developed by Robert N. M. Watson for the TrustedBSD
7 * Project under contract to nCircle Network Security, Inc.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
22 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
24 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 /*
32 * Confirm that privilege is required in the cases using chown():
33 *
34 * - If the process euid does not match the file uid.
35 *
36 * - If the target uid is different than the current uid.
37 *
38 * - If the target gid changes and we the process is not a member of the new
39 * group.
40 */
41
42 #include <sys/types.h>
43 #include <sys/stat.h>
44
45 #include <err.h>
46 #include <errno.h>
47 #include <stdio.h>
48 #include <unistd.h>
49
50 #include "main.h"
51
52 static char fpath[1024];
53 static int fpath_initialized;
54
55 /*
56 * Check that changing the uid of a file requires privilege.
57 */
58 int
priv_vfs_chown_uid_setup(int asroot,int injail,struct test * test)59 priv_vfs_chown_uid_setup(int asroot, int injail, struct test *test)
60 {
61
62 setup_file("priv_vfs_chown_uid: fpath", fpath, UID_ROOT, GID_WHEEL,
63 0600);
64 fpath_initialized = 1;
65 return (0);
66 }
67
68 void
priv_vfs_chown_uid(int asroot,int injail,struct test * test)69 priv_vfs_chown_uid(int asroot, int injail, struct test *test)
70 {
71 int error;
72
73 error = chown(fpath, UID_OWNER, -1);
74 if (asroot && injail)
75 expect("priv_vfs_chown_uid(root, jail)", error, 0, 0);
76 if (asroot && !injail)
77 expect("priv_vfs_chown_uid(root, !jail)", error, 0, 0);
78 if (!asroot && injail)
79 expect("priv_vfs_chown_uid(!root, jail)", error, -1, EPERM);
80 if (!asroot && !injail)
81 expect("priv_vfs_chown_uid(!root, !jail)", error, -1, EPERM);
82 }
83
84 /*
85 * Check that changing the gid of a file owned by the user is allowed without
86 * privilege as long as the gid matches the process.
87 */
88 int
priv_vfs_chown_mygid_setup(int asroot,int injail,struct test * test)89 priv_vfs_chown_mygid_setup(int asroot, int injail, struct test *test)
90 {
91
92 /*
93 * Create a file with a matching uid to the test process, but not a
94 * matching gid.
95 */
96 setup_file("priv_vfs_chown_mygid: fpath", fpath, asroot ? UID_ROOT :
97 UID_OWNER, GID_OTHER, 0600);
98 fpath_initialized = 1;
99 return (0);
100 }
101
102 void
priv_vfs_chown_mygid(int asroot,int injail,struct test * test)103 priv_vfs_chown_mygid(int asroot, int injail, struct test *test)
104 {
105 int error;
106
107 error = chown(fpath, -1, asroot ? GID_WHEEL : GID_OWNER);
108 if (asroot && injail)
109 expect("priv_vfs_chown_mygid(root, jail)", error, 0, 0);
110 if (asroot && !injail)
111 expect("priv_vfs_chown_mygid(root, !jail)", error, 0, 0);
112 if (!asroot && injail)
113 expect("priv_vfs_chown_mygid(!root, !jail)", error, 0, 0);
114 if (!asroot && !injail)
115 expect("priv_vfs_chown_mygid(!root, !jail)", error, 0, 0);
116 }
117
118 /*
119 * Check that changing the gid of a file owned by the user is not allowed
120 * without privilege if the gid doesn't match the process.
121 */
122 int
priv_vfs_chown_othergid_setup(int asroot,int injail,struct test * test)123 priv_vfs_chown_othergid_setup(int asroot, int injail, struct test *test)
124 {
125
126 /*
127 * Create a file with a matching uid to the test process with a
128 * matching gid.
129 */
130 setup_file("priv_vfs_chown_othergid: fpath", fpath, asroot ? UID_ROOT
131 : UID_OWNER, asroot ? GID_WHEEL : GID_OWNER, 0600);
132 fpath_initialized = 1;
133 return (0);
134 }
135
136 void
priv_vfs_chown_othergid(int asroot,int injail,struct test * test)137 priv_vfs_chown_othergid(int asroot, int injail, struct test *test)
138 {
139 int error;
140
141 error = chown(fpath, -1, GID_OTHER);
142 if (asroot && injail)
143 expect("priv_vfs_chown_othergid(root, jail)", error, 0, 0);
144 if (asroot && !injail)
145 expect("priv_vfs_chown_othergid(root, !jail)", error, 0, 0);
146 if (!asroot && injail)
147 expect("priv_vfs_chown_othergid(!root, !jail)", error, -1,
148 EPERM);
149 if (!asroot && !injail)
150 expect("priv_vfs_chown_othergid(!root, !jail)", error, -1,
151 EPERM);
152 }
153
154 void
priv_vfs_chown_cleanup(int asroot,int injail,struct test * test)155 priv_vfs_chown_cleanup(int asroot, int injail, struct test *test)
156 {
157
158 if (fpath_initialized) {
159 (void)unlink(fpath);
160 fpath_initialized = 0;
161 }
162 }
163