xref: /freebsd/tools/regression/priv/priv_vfs_stickyfile.c (revision f856af0466c076beef4ea9b15d088e1119a945b8)
1 /*-
2  * Copyright (c) 2006 nCircle Network Security, Inc.
3  * All rights reserved.
4  *
5  * This software was developed by Robert N. M. Watson for the TrustedBSD
6  * Project under contract to nCircle Network Security, Inc.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
21  * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
23  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
24  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
25  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  * $FreeBSD$
30  */
31 
32 /*
33  * Check that privilege is required to set the sticky bit on a file, but not
34  * a directory.  Try with and without privilege.
35  */
36 
37 #include <sys/stat.h>
38 
39 #include <err.h>
40 #include <errno.h>
41 #include <unistd.h>
42 
43 #include "main.h"
44 
/*
 * Best-effort teardown of the scratch objects created by the test.
 *
 * Sets the effective uid to UID_ROOT, unlinks fpath, and removes the
 * directory dpath when one was created (dpath may be NULL).  All return
 * values are deliberately ignored: this runs on failure paths too, where
 * any of the three steps may legitimately fail.
 */
static void
cleanup(const char *fpath, const char *dpath)
{

	/* presumably so the removals below run with root's credential */
	(void)seteuid(UID_ROOT);
	(void)unlink(fpath);

	/* No directory was created; nothing further to remove. */
	if (dpath == NULL)
		return;
	(void)rmdir(dpath);
}
54 
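/*
 * Regression test: setting S_ISTXT (the sticky bit) on a regular file must
 * require privilege, while setting it on a directory must not.
 *
 * Sequence, as visible below:
 *   1. create a scratch file and a scratch directory under /tmp;
 *   2. as root, set and then clear S_ISTXT on both;
 *   3. give both objects to UID_OTHER, so the later calls exercise only the
 *      sticky-bit check and not the general ownership check of chmod();
 *   4. switch to UID_OTHER via set_euid() and expect fchmod() with S_ISTXT on
 *      the file to fail with EFTYPE, and chmod() with S_ISTXT on the
 *      directory to succeed.
 *
 * Failures are reported with warn()/warnx().  Everything after mkstemp()
 * leaves through "out", which restores the credential, closes the
 * descriptor and removes the scratch objects.
 */
void
priv_vfs_stickyfile(void)
{
	char fpath[1024] = "/tmp/stickyfile.XXXXXXXXXXX";
	char dpath[1024] = "/tmp/stickyfile.XXXXXXXXXXX", *dpathp;
	int error, fd;

	/* NOTE(review): helper from main.h; presumably refuses to run as !root. */
	assert_root();

	fd = mkstemp(fpath);
	if (fd < 0)
		err(-1, "mkstemp");

	/* dpathp is NULL on failure, which cleanup() treats as "no directory". */
	dpathp = mkdtemp(dpath);
	if (dpathp == NULL) {
		warn("mkdtemp");
		goto out;
	}

	/*
	 * First, with privilege, set and clear the sticky bit on the file
	 * and directory.
	 */
	if (fchmod(fd, 0600 | S_ISTXT) < 0) {
		warn("fchmod(%s, 0600 | S_ISTXT) on file as root", fpath);
		goto out;
	}

	if (chmod(dpathp, 0700 | S_ISTXT) < 0) {
		warn("chmod(%s, 0700 | S_ISTXT) on dir as root", dpathp);
		goto out;
	}

	/*
	 * Reset to remove sticky bit before changing credential.
	 */
	if (fchmod(fd, 0600) < 0) {
		warn("fchmod(%s, 0600) on file as root", fpath);
		goto out;
	}

	if (chmod(dpathp, 0700) < 0) {
		warn("chmod(%s, 0700) on dir as root", dpathp);
		goto out;
	}

	/*
	 * Chown the file and directory to target user -- we're checking for
	 * the specific right to set the sticky bit, not the general right to
	 * chmod().
	 */
	if (fchown(fd, UID_OTHER, -1) < 0) {
		warn("fchown(%s, %d, -1)", fpath, UID_OTHER);
		goto out;
	}

	if (chown(dpathp, UID_OTHER, -1) < 0) {
		warn("chown(%s, %d, -1)", dpathp, UID_OTHER);
		goto out;
	}

	/*
	 * Change credential and try again.
	 */
	/* NOTE(review): set_euid() is a main.h helper; presumably wraps seteuid(). */
	set_euid(UID_OTHER);

	/*
	 * The file case must be refused: success means the privilege check
	 * is missing, and any errno other than EFTYPE means it was refused
	 * for the wrong reason.
	 */
	error = fchmod(fd, 0600 | S_ISTXT);
	if (error == 0) {
		warnx("fchmod(%s, 0600 | S_ISTXT) succeeded on file as "
		    "!root", fpath);
		goto out;
	}
	if (errno != EFTYPE) {
		warn("fchmod(%s, 0600 | S_ISTXT) wrong errno %d as !root",
		    fpath, errno);
		goto out;
	}

	/* The directory case must be allowed without privilege. */
	if (chmod(dpathp, 0700 | S_ISTXT) < 0) {
		warn("chmod(%s, 0700 | S_ISTXT) on dir as !root", dpathp);
		goto out;
	}
out:
	/*
	 * Regain root before cleaning up, and report a failure instead of
	 * silently continuing with the unprivileged credential.
	 */
	if (setuid(UID_ROOT) < 0)
		warn("setuid(%d)", UID_ROOT);
	/* mkstemp() succeeded on every path that reaches here; don't leak fd. */
	(void)close(fd);
	cleanup(fpath, dpathp);
}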
141