1 /*- 2 * Copyright (c) 2006 nCircle Network Security, Inc. 3 * Copyright (c) 2007 Robert M. M. Watson 4 * All rights reserved. 5 * 6 * This software was developed by Robert N. M. Watson for the TrustedBSD 7 * Project under contract to nCircle Network Security, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY, 22 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 24 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /* 32 * Confirm that privilege is required in the cases using chown(): 33 * 34 * - If the process euid does not match the file uid. 35 * 36 * - If the target uid is different than the current uid. 37 * 38 * - If the target gid changes and we the process is not a member of the new 39 * group. 40 */ 41 42 #include <sys/types.h> 43 #include <sys/stat.h> 44 45 #include <err.h> 46 #include <errno.h> 47 #include <stdio.h> 48 #include <unistd.h> 49 50 #include "main.h" 51 52 static char fpath[1024]; 53 static int fpath_initialized; 54 55 /* 56 * Check that changing the uid of a file requires privilege. 57 */ 58 int 59 priv_vfs_chown_uid_setup(int asroot, int injail, struct test *test) 60 { 61 62 setup_file("priv_vfs_chown_uid: fpath", fpath, UID_ROOT, GID_WHEEL, 63 0600); 64 fpath_initialized = 1; 65 return (0); 66 } 67 68 void 69 priv_vfs_chown_uid(int asroot, int injail, struct test *test) 70 { 71 int error; 72 73 error = chown(fpath, UID_OWNER, -1); 74 if (asroot && injail) 75 expect("priv_vfs_chown_uid(root, jail)", error, 0, 0); 76 if (asroot && !injail) 77 expect("priv_vfs_chown_uid(root, !jail)", error, 0, 0); 78 if (!asroot && injail) 79 expect("priv_vfs_chown_uid(!root, jail)", error, -1, EPERM); 80 if (!asroot && !injail) 81 expect("priv_vfs_chown_uid(!root, !jail)", error, -1, EPERM); 82 } 83 84 /* 85 * Check that changing the gid of a file owned by the user is allowed without 86 * privilege as long as the gid matches the process. 87 */ 88 int 89 priv_vfs_chown_mygid_setup(int asroot, int injail, struct test *test) 90 { 91 92 /* 93 * Create a file with a matching uid to the test process, but not a 94 * matching gid. 95 */ 96 setup_file("priv_vfs_chown_mygid: fpath", fpath, asroot ? UID_ROOT : 97 UID_OWNER, GID_OTHER, 0600); 98 fpath_initialized = 1; 99 return (0); 100 } 101 102 void 103 priv_vfs_chown_mygid(int asroot, int injail, struct test *test) 104 { 105 int error; 106 107 error = chown(fpath, -1, asroot ? GID_WHEEL : GID_OWNER); 108 if (asroot && injail) 109 expect("priv_vfs_chown_mygid(root, jail)", error, 0, 0); 110 if (asroot && !injail) 111 expect("priv_vfs_chown_mygid(root, !jail)", error, 0, 0); 112 if (!asroot && injail) 113 expect("priv_vfs_chown_mygid(!root, !jail)", error, 0, 0); 114 if (!asroot && !injail) 115 expect("priv_vfs_chown_mygid(!root, !jail)", error, 0, 0); 116 } 117 118 /* 119 * Check that changing the gid of a file owned by the user is not allowed 120 * without privilege if the gid doesn't match the process. 121 */ 122 int 123 priv_vfs_chown_othergid_setup(int asroot, int injail, struct test *test) 124 { 125 126 /* 127 * Create a file with a matching uid to the test process with a 128 * matching gid. 129 */ 130 setup_file("priv_vfs_chown_othergid: fpath", fpath, asroot ? UID_ROOT 131 : UID_OWNER, asroot ? GID_WHEEL : GID_OWNER, 0600); 132 fpath_initialized = 1; 133 return (0); 134 } 135 136 void 137 priv_vfs_chown_othergid(int asroot, int injail, struct test *test) 138 { 139 int error; 140 141 error = chown(fpath, -1, GID_OTHER); 142 if (asroot && injail) 143 expect("priv_vfs_chown_othergid(root, jail)", error, 0, 0); 144 if (asroot && !injail) 145 expect("priv_vfs_chown_othergid(root, !jail)", error, 0, 0); 146 if (!asroot && injail) 147 expect("priv_vfs_chown_othergid(!root, !jail)", error, -1, 148 EPERM); 149 if (!asroot && !injail) 150 expect("priv_vfs_chown_othergid(!root, !jail)", error, -1, 151 EPERM); 152 } 153 154 void 155 priv_vfs_chown_cleanup(int asroot, int injail, struct test *test) 156 { 157 158 if (fpath_initialized) { 159 (void)unlink(fpath); 160 fpath_initialized = 0; 161 } 162 } 163