blob: 5d307c9fed63ce1ae6544018735c38fa303b3b6a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
/*++
/* NAME
/* unsafe 3
/* SUMMARY
/* are we running at non-user privileges
/* SYNOPSIS
/* #include <safe.h>
/*
/* int unsafe()
/* DESCRIPTION
/* The \fBunsafe()\fR routine attempts to determine if the process
/* (runs with privileges or has access to information) that the
/* controlling user has no access to. The purpose is to prevent
/* misuse of privileges, including access to protected information.
/*
/* The result is always false when both of the following conditions
/* are true:
/* .IP \(bu
/* The real UID is zero.
/* .IP \(bu
/* The effective UID is zero.
/* .PP
/* Otherwise, the result is true if any of the following conditions
/* is true:
/* .IP \(bu
/* The issetuid kernel flag is non-zero (on systems that support
/* this concept).
/* .IP \(bu
/* The real and effective user id differ.
/* .IP \(bu
/* The real and effective group id differ.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
/*--*/
/* System library. */
#include <sys_defs.h>
#include <unistd.h>
/* Utility library. */
#include "safe.h"
/* unsafe - can we trust user-provided environment, working directory, etc. */
int unsafe(void)
{
/*
* The super-user is trusted.
*/
if (getuid() == 0 && geteuid() == 0)
return (0);
/*
* Danger: don't trust inherited process attributes, and don't leak
* privileged info that the parent has no access to.
*/
return (geteuid() != getuid()
#ifdef HAS_ISSETUGID
|| issetugid()
#endif
|| getgid() != getegid());
}
|
