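/*
 * Copyright (c) 1999-2001 Sendmail, Inc. and its suppliers.
 *	All rights reserved.
 *
 * By using this file, you agree to the terms and conditions set
 * forth in the LICENSE file which can be found at the top level of
 * the sendmail distribution.
 *
 */

/*
**  This program checks to see if your version of seteuid works.
**  Compile it, make it set-user-ID root, and run it as yourself (NOT as
**  root).  If it won't compile or outputs any MAYDAY messages, don't
**  define USESETEUID in conf.h.
**
**	NOTE:  It is not sufficient to have seteuid in your library.
**	You must also have saved uids that function properly.
**
**  Compilation is trivial -- just "cc t_seteuid.c".  Make it set-user-ID
**  root and then execute it as a non-root user.
**
**  The set-user-ID root copy is only needed while the check runs;
**  remove it (or clear the set-user-ID bit) once you have the result.
*/

#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>	/* exit() -- was previously called without a declaration */

#ifndef lint
static char id[] = "@(#)$Id: t_seteuid.c,v 8.8 2001/09/23 03:35:41 ca Exp $";
#endif /* ! lint */

#ifdef __hpux
/* Only the effective uid is changed; -1 leaves real and saved uids alone. */
# define seteuid(e)	setresuid(-1, (e), -1)
#endif /* __hpux */

/*
**  PRINTUIDS -- print the expected and the actual real/effective uids
**
**	Parameters:
**		str -- label naming the step that was just performed.
**		r -- real uid the process is expected to have.
**		e -- effective uid the process is expected to have.
**
**	Returns:
**		none.
**
**	Side Effects:
**		Writes one line to stdout.  The actual values come from
**		getuid()/geteuid() at the time of the call.
*/

static void
printuids(const char *str, uid_t r, uid_t e)
{
	printf("%s (should be %d/%d): r/euid=%d/%d\n", str, (int) r, (int) e,
	       (int) getuid(), (int) geteuid());
}

/*
**  MAIN -- switch the effective uid away from root and back, twice
**
**	Each round calls seteuid() with an unprivileged uid (1, then 2),
**	then seteuid(0), and after every call compares geteuid() -- and,
**	after the return to 0, getuid() -- with the expected value.
**	Getting back to euid 0 after dropping it is the part that
**	presumably depends on working saved uids (see the NOTE above).
**
**	Parameters:
**		argc, argv -- unused.
**
**	Returns:
**		Does not return; exits 0 when every check passed, 1 on a
**		setup error or when any check failed.
*/

int
main(int argc, char **argv)
{
	int fail = 0;
	uid_t realuid = getuid();

	printuids("initial uids", realuid, 0);

	/* The test is meaningless unless it starts as real=user, effective=root. */
	if (geteuid() != 0)
	{
		printf("SETUP ERROR: re-run set-user-ID root\n");
		exit(1);
	}

	if (getuid() == 0)
	{
		printf("SETUP ERROR: must be run by a non-root user\n");
		exit(1);
	}

	/*
	**  First round: root -> uid 1 -> root.
	**  A failing call is counted like the other seteuid() failures
	**  below, so the verdict does not rest on the geteuid() check alone.
	*/

	if (seteuid(1) < 0)
	{
		fail++;
		printf("seteuid(1) failure\n");
	}
	printuids("after seteuid(1)", realuid, 1);

	if (geteuid() != 1)
	{
		fail++;
		printf("MAYDAY!  Wrong effective uid\n");
	}

	/* do activity here */

	if (seteuid(0) < 0)
	{
		fail++;
		printf("seteuid(0) failure\n");
	}
	printuids("after seteuid(0)", realuid, 0);

	if (geteuid() != 0)
	{
		fail++;
		printf("MAYDAY!  Wrong effective uid\n");
	}
	/* Switching the effective uid must never disturb the real uid. */
	if (getuid() != realuid)
	{
		fail++;
		printf("MAYDAY!  Wrong real uid\n");
	}
	printf("\n");

	/* Second round: root -> uid 2 -> root, to show the switch is repeatable. */
	if (seteuid(2) < 0)
	{
		fail++;
		printf("seteuid(2) failure\n");
	}
	printuids("after seteuid(2)", realuid, 2);

	if (geteuid() != 2)
	{
		fail++;
		printf("MAYDAY!  Wrong effective uid\n");
	}

	/* do activity here */

	if (seteuid(0) < 0)
	{
		fail++;
		printf("seteuid(0) failure\n");
	}
	printuids("after seteuid(0)", realuid, 0);

	if (geteuid() != 0)
	{
		fail++;
		printf("MAYDAY!  Wrong effective uid\n");
	}
	if (getuid() != realuid)
	{
		fail++;
		printf("MAYDAY!  Wrong real uid\n");
	}

	if (fail)
	{
		printf("\nThis system cannot use seteuid\n");
		exit(1);
	}

	printf("\nIt is safe to define USESETEUID on this system\n");
	exit(0);
}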