Diffstat (limited to 'gnu/usr.sbin/sendmail/test')
-rw-r--r-- | gnu/usr.sbin/sendmail/test/Results | 160 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/test/t_exclopen.c | 103 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/test/t_pathconf.c | 74 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/test/t_seteuid.c | 129 | ||||
-rw-r--r-- | gnu/usr.sbin/sendmail/test/t_setreuid.c | 141 |
5 files changed, 607 insertions, 0 deletions
diff --git a/gnu/usr.sbin/sendmail/test/Results b/gnu/usr.sbin/sendmail/test/Results
new file mode 100644
index 00000000000..b8a73f22bf7
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/test/Results
@@ -0,0 +1,160 @@
+The following are results of running t_setreuid on various architectures.
+
+OPSYS VERSION STATUS DATE TESTER/NOTES
+===== ======= ====== ==== ============
+
+SunOS 4.1 OK 93.07.19 eric
+SunOS 4.1.2 OK 93.07.19 eric
+SunOS 4.1.3 OK 93.09.25 Robert Elz
+
+BSD 4.4 OK 93.07.19 eric (wierd results, but functional)
+BSD 4.3Utah OK 93.07.19 eric
+
+FreeBSD 2.1-sta OK 96.04.14 Jaye Mathisen <mrcpu@cdsnet.net>
+
+Ultrix 4.2A OK 93.07.19 eric
+Ultrix 4.3A OK 93.07.19 Allan Johannesen
+Ultrix 4.5 OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
+
+HP-UX 8.07 OK 93.07.19 eric (on 7xx series)
+HP-UX 8.02 OK 93.07.19 Michael Corrigan (on 8xx series)
+HP-UX 8.00 OK 93.07.21 Michael Corrigan (on 3xx/4xx series)
+HP-UX 9.01 OK 93.11.19 Cassidy (on 7xx series)
+
+Solaris 2.1
+Solaris 2.2 FAIL 93.07.19 Bill Wisner
+Solaris 2.3 FAIL 95.11.22 Scott J. Kramer <sjk@lux.com>
+Solaris 2.5 OK 96.02.29 Carson Gaspar <carson@lehman.com>
+Solaris 2.5.1 OK 96.11.29 Gregory Neil Shapiro <gshapiro@wpi.edu>
+
+OSF/1 T1.3-4 OK 93.07.19 eric (on DEC Alpha)
+OSF/1 1.3 OK 94.12.10 Jeff A. Earickson (on Intel Paragon)
+OSF/1 3.2D OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
+OSF/1 4.0 OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
+
+CxOS 11.5 OK 96.07.08 Eric Schnoebelen <eric@cirr.com>
+CxOS 11.0 OK 93.01.21 Eric Schnoebelen (CxOS 11.0 beta 1)
+CxOS 10.x OK 93.01.21 Eric Schnoebelen
+
+AIX 3.1.5 FAIL 93.08.07 David J. N. Begley
+AIX 3.2.3e FAIL 93.07.26 Steve Bauer <sbauer@silver.sdsmt.edu>
+AIX 3.2.4 FAIL 93.10.07 David J. N. Begley
+AIX 3.2.5 FAIL 94.05.17 Steve Bauer <sbauer@hpcmmib.hpc.sdsmt.edu>
+AIX 4.1 FAIL 96.10.21 Hakan Lindholm <hakan@af.lu.se>
+AIX 4.2 OK 96.10.16 Steve Bauer <sbauer@krypton.hpc.sdsmt.edu>
+
+IRIX 4.0.4 OK 93.09.25 Robert Elz
+IRIX 5.2 OK 94.12.06 Mark Andrews <mandrews@alias.com>
+IRIX 5.3 OK 94.12.06 Mark Andrews <mandrews@alias.com>
+IRIX 6.2 OK 96.09.16 Kari E. 
Hurtta <Kari.Hurtta@ozone.FMI.FI>
+IRIX 6.3 OK 97.02.10 Mark Andrews <mandrews@aw.sgi.com>
+
+SCO 3.2v4.0 OK 93.10.02 Peter Wemm (with -lsocket from 3.2v4 devsys)
+
+NeXT 2.1 OK 93.07.28 eric
+NeXT 3.0 OK 34.05.05 Kevin John Wang <kwang@lore.acs.calpoly.edu>
+
+Linux 0.99p10 OK 93.08.08 Karl London
+Linux 0.99p13 OK 93.09.27 Christian Kuhtz
+Linux 0.99p14 OK 93.11.30 Christian Kuhtz <chk@data-hh.Hanse.DE>
+Linux 1.0 OK 94.03.19 Shayne Smith <snsmith@rastus.brisnet.org.au>
+Linux 1.2.13 OK 95.11.02 Sven Neuhaus <sven@ping.de>
+Linux 2.0.17 OK 96.09.03 Horst von Brand <vonbrand@sleipnir.valparaiso.cl>
+Linux 2.1.109 OK 98.07.21 John Kennedy <jk@csuchico.edu>
+
+BSD/386 1.0 OK 93.11.13 Tony Sanders
+
+DELL 2.2 OK 93.11.15 Peter Wemm (using -DSETEUID)
+
+Pyramid 5.0d OK 95.01.14 David Miller <davem@nadzieja.rutgers.edu>
+
+
+
+The following are results of running t_seteuid on various architectures.
+
+OPSYS VERSION STATUS DATE TESTER/NOTES
+===== ======= ====== ==== ============
+
+Solaris 2.3 OK 95.11.22 Scott J. Kramer <sjk@lux.com>
+Solaris 2.4 OK 95.09.22 Thomas 'Mike' Michlmayr <mike@cosy.sbg.ac.at>
+Solaris 2.5 OK 96.02.29 Carson Gaspar <carson@lehman.com>
+Solaris 2.5.1 OK 96.11.29 Gregory Neil Shapiro <gshapiro@wpi.edu>
+
+Linux 1.2.13 FAIL 95.11.02 Sven Neuhaus <sven@ping.de>
+Linux 2.0.17 FAIL 96.09.03 Horst von Brand <vonbrand@sleipnir.valparaiso.cl>
+Linux 2.1.109 FAIL 98.07.21 John Kennedy <jk@csuchico.edu>
+
+AIX 4.1 OK 96.10.21 Hakan Lindholm <hakan@af.lu.se>
+
+IRIX 5.2 OK 95.12.01 Mark Andrews <mandrews@aw.sgi.com>
+IRIX 5.3 OK 95.12.01 Mark Andrews <mandrews@aw.sgi.com>
+IRIX 6.2 OK 96.09.16 Kari E. 
Hurtta <Kari.Hurtta@ozone.FMI.FI>
+IRIX 6.3 OK 97.02.10 Mark Andrews <mandrews@aw.sgi.com>
+
+FreeBSD 2.1-sta OK 96.04.14 Jaye Mathisen <mrcpu@cdsnet.net>
+
+Ultrix 4.5 FAIL 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
+
+OSF/1 3.2D OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
+OSF/1 4.0 OK 96.09.18 Gregory Neil Shapiro <gshapiro@wpi.edu>
+
+CxOS 11.5 FAIL 96.07.08 Eric Schnoebelen <eric@cirr.com>
+
+
+The following are the results of running t_pathconf.c. Safe means that
+the underlying filesystem (in NFS, the filesystem on the server) does not
+permit regular (non-root) users to chown their files to another user.
+Unsafe means that they can. Typically, BSD-based systems do not permit
+giveaway and System V-based systems do. However, some systems (e.g.,
+Solaris) can set this on a per-system or per-filesystem basis. Entries
+are the return value of pathconf, the errno value, and a * if chown
+disagreed with the result of the pathconf call, and a ? if the test has
+not been run. A mark of [R] means that the local filesystem has
+chown set to be restricted, [U] means that it is set to be unrestricted.
+
+ Safe Filesystem Unsafe Filesystem
+SYSTEM LOCAL NFS-V2 NFS-V3 NFS-V2 NFS-V3
+
+SunOS 4.1.3_U1 1/0 -1/EINVAL* n/a -1/EINVAL? n/a
+SunOS 4.1.4 1/0 -1/EINVAL* n/a -1/EINVAL n/a
+
+AIX 3.2 0/0 0/0
+
+Solaris 2.4 1/0 -1/EINVAL*
+Solaris 2.5 1/0 -1/EINVAL* 1/0 0/0?
+Solaris 2.5.1 1/0 -1/EINVAL* 0/0
+
+DEC OSF1 3.0 0/0 0/0
+DEC OSF1 3.2D-2 0/0 0/0 0/0
+DEC OSF1 4.0A 0/0 0/0 0/0
+DEC OSF 4.0B 0/0 0/0 0/0
+
+Ultrix 4.3 0/0 0/0 n/a n/a
+Ultrix 4.5 1/0 1/0
+
+HP-UX 9.05 -1/0 -1/EOPNOTSUPP* -1/EOPNOTSUPP
+HP-UX 9.05[R] 1/0 -1/EOPNOTSUPP* -1/EOPNOTSUPP*
+HP-UX 10.10 -1/0 -1/EOPNOTSUPP* -1/EOPNOTSUPP
+HP-UX 10.20 -1/EOPNOTSUPP? -1/EOPNOTSUPP? 
+HP-UX 10.30 -1/0 -1/EOPNOTSUPP -1/EOPNOTSUPP
+
+BSD/OS 2.1 1/0
+
+FreeBSD 2.1.7 1/0 -1/EINVAL* -1/EINVAL
+
+Irix 5.3 -1/0* -1/0
+Irix 6.2 1/0 -1/0 0/0*
+Irix 6.2 -1/0 -1/0
+Irix 6.3 R10000 -1/0 -1/0 0/0*
+
+A/UX 3.1.1 1/0
+
+DomainOS [R] -1/0*
+DomainOS [U] -1/0
+
+NCR MP-RAS 2 -1/0
+NCR MP-RAS 3 -1/0
+
+Linux 2.0.27 1/0 1/0
+
+$Revision: 1.1 $, Last updated $Date: 2000/04/02 19:05:49 $
diff --git a/gnu/usr.sbin/sendmail/test/t_exclopen.c b/gnu/usr.sbin/sendmail/test/t_exclopen.c
new file mode 100644
index 00000000000..5dc4000c4e2
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/test/t_exclopen.c
@@ -0,0 +1,103 @@
+/*
+** This program tests your system to see if you have the lovely
+** security-defeating semantics that an open with O_CREAT|O_EXCL
+** set will successfully open a file named by a symbolic link that
+** points to a non-existent file. Sadly, Posix is mute on what
+** should happen in this situation.
+**
+** Results to date:
+** AIX 3.2 OK
+** BSD family OK
+** BSD/OS 2.1 OK
+** FreeBSD 2.1 OK
+** DEC OSF/1 3.0 OK
+** HP-UX 9.04 FAIL
+** HP-UX 9.05 FAIL
+** HP-UX 9.07 OK
+** HP-UX 10.01 OK
+** HP-UX 10.10 OK
+** HP-UX 10.20 OK
+** Irix 5.3 OK
+** Irix 6.2 OK
+** Irix 6.3 OK
+** Irix 6.4 OK
+** Linux OK
+** NeXT 2.1 OK
+** Solaris 2.x OK
+** SunOS 4.x OK
+** Ultrix 4.3 OK
+*/
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#ifndef lint
+static char id[] = "@(#)$Sendmail: t_exclopen.c,v 8.5 1999/08/28 00:25:28 gshapiro Exp $";
+#endif /* ! lint */
+
+static char Attacker[128];
+static char Attackee[128];
+
+static void
+bail(status)
+ int status;
+{
+ (void) unlink(Attacker);
+ (void) unlink(Attackee);
+ exit(status);
+}
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ struct stat st;
+
+ sprintf(Attacker, "/tmp/attacker.%d.%ld", getpid(), time(NULL));
+ sprintf(Attackee, "/tmp/attackee.%d.%ld", getpid(), time(NULL));
+
+ if (symlink(Attackee, Attacker) < 0)
+ {
+ printf("Could not create %s->%s symlink: %d\n",
+ Attacker, Attackee, errno);
+ bail(1);
+ }
+ (void) unlink(Attackee);
+ if (stat(Attackee, &st) >= 0)
+ {
+ printf("%s already exists -- remove and try again.\n",
+ Attackee);
+ bail(1);
+ }
+ if (open(Attacker, O_WRONLY|O_CREAT|O_EXCL, 0644) < 0)
+ {
+ int save_errno = errno;
+
+ if (stat(Attackee, &st) >= 0)
+ {
+ printf("Weird. Open failed but %s was created anyhow (errno = %d)\n",
+ Attackee, save_errno);
+ bail(1);
+ }
+ printf("Good show! 
Exclusive open works properly with symbolic links (errno = %d).\n",
+ save_errno);
+ bail(0);
+ }
+ if (stat(Attackee, &st) < 0)
+ {
+ printf("Weird. Open succeeded but %s was not created\n",
+ Attackee);
+ bail(2);
+ }
+ printf("Bad news: you can do an exclusive open through a symbolic link\n");
+ printf("\tBe sure you #define BOGUS_O_EXCL in conf.h\n");
+ bail(1);
+
+ /* NOTREACHED */
+ exit(0);
+}
diff --git a/gnu/usr.sbin/sendmail/test/t_pathconf.c b/gnu/usr.sbin/sendmail/test/t_pathconf.c
new file mode 100644
index 00000000000..dbe8f0a207a
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/test/t_pathconf.c
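Review bot: In t_exclopen.c both path names are built in world-writable /tmp from only the pid and time(NULL), and bail() unlinks whatever sits at those names, so the verdict depends on no other user touching them while the test runs. Creating a private directory first (for example with mkdtemp(), where the target has it) and building both names inside it would make the result trustworthy on a shared host. Separately, time() is called without `<time.h>` and its result is passed to `%ld`, which mismatches wherever time_t is not long; `(long) time(NULL)` plus the missing include fixes that, and `<stdlib.h>` is needed for exit(). Switching the two `sprintf` calls to `snprintf(Attacker, sizeof Attacker, ...)` would also keep the 128-byte buffers bounded if the name pattern ever changes.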
@@ -0,0 +1,74 @@
+/*
+** The following test program tries the pathconf(2) routine. It should
+** be run in a non-NFS-mounted directory (e.g., /tmp) and on remote (NFS)
+** mounted directories running both NFS-v2 and NFS-v3 from systems that
+** both do and do not permit file giveaway.
+*/
+
+#include <sys/types.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#ifdef EX_OK
+# undef EX_OK /* unistd.h may have another use for this */
+#endif /* EX_OK */
+#include <sysexits.h>
+
+#ifndef lint
+static char id[] = "@(#)$Sendmail: t_pathconf.c,v 8.5 1999/08/28 00:25:28 gshapiro Exp $";
+#endif /* ! lint */
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ int fd;
+ int i;
+ char tbuf[100];
+ extern int errno;
+
+ if (geteuid() == 0)
+ {
+ printf("*** Run me as a non-root user! ***\n");
+ exit(EX_USAGE);
+ }
+
+ strcpy(tbuf, "TXXXXXX");
+ fd = mkstemp(tbuf);
+ if (fd < 0)
+ {
+ printf("*** Could not create test file %s\n", tbuf);
+ exit(EX_CANTCREAT);
+ }
+ errno = 0;
+ i = pathconf(".", _PC_CHOWN_RESTRICTED);
+ printf("pathconf(.) returns %2d, errno = %d\n", i, errno);
+ errno = 0;
+ i = pathconf(tbuf, _PC_CHOWN_RESTRICTED);
+ printf("pathconf(%s) returns %2d, errno = %d\n", tbuf, i, errno);
+ errno = 0;
+ i = fpathconf(fd, _PC_CHOWN_RESTRICTED);
+ printf("fpathconf(%s) returns %2d, errno = %d\n", tbuf, i, errno);
+ if (errno == 0 && i >= 0)
+ {
+ /* so it claims that it doesn't work -- try anyhow */
+ printf(" fpathconf claims that chown is safe ");
+ if (fchown(fd, 1, 1) >= 0)
+ printf("*** but fchown works anyhow! ***\n");
+ else
+ printf("and fchown agrees\n");
+ }
+ else
+ {
+ /* well, let's see what really happens */
+ printf(" fpathconf claims that chown is not safe ");
+ if (fchown(fd, 1, 1) >= 0)
+ printf("as indeed it is not\n");
+ else
+ printf("*** but in fact it is safe ***\n");
+ }
+ (void) unlink(tbuf);
+ exit(EX_OK);
+}
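Review bot: Both fchown() branches in main() treat any failure as proof that giveaway is restricted, so an unrelated error (a read-only or failing NFS mount, for instance) still prints `and fchown agrees` or `*** but in fact it is safe ***`, and a wrong "safe" entry could end up in the Results table. Checking the cause keeps the verdict honest, e.g. `else if (errno == EPERM) printf("and fchown agrees\n"); else printf("fchown failed, errno = %d\n", errno);` and the same in the second branch. The hunk also calls strcpy() and mkstemp() without `<string.h>` and `<stdlib.h>`, and the comment `so it claims that it doesn't work` would read more clearly as `fpathconf reports that giveaway is not permitted`.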
diff --git a/gnu/usr.sbin/sendmail/test/t_seteuid.c b/gnu/usr.sbin/sendmail/test/t_seteuid.c
new file mode 100644
index 00000000000..44fa5ba0de1
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/test/t_seteuid.c
@@ -0,0 +1,129 @@
+/*
+** This program checks to see if your version of seteuid works.
+** Compile it, make it setuid root, and run it as yourself (NOT as
+** root). If it won't compile or outputs any MAYDAY messages, don't
+** define USESETEUID in conf.h.
+**
+** NOTE: It is not sufficient to have seteuid in your library.
+** You must also have saved uids that function properly.
+**
+** Compilation is trivial -- just "cc t_seteuid.c". Make it setuid,
+** root and then execute it as a non-root user.
+*/
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#ifndef lint
+static char id[] = "@(#)$Sendmail: t_seteuid.c,v 8.4 1999/08/28 00:25:28 gshapiro Exp $";
+#endif /* ! lint */
+
+#ifdef __hpux
+# define seteuid(e) setresuid(-1, e, -1)
+#endif /* __hpux */
+
+static void
+printuids(str, r, e)
+ char *str;
+ int r, e;
+{
+ printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
+ getuid(), geteuid());
+}
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ int fail = 0;
+ uid_t realuid = getuid();
+
+ printuids("initial uids", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ printf("SETUP ERROR: re-run setuid root\n");
+ exit(1);
+ }
+
+ if (getuid() == 0)
+ {
+ printf("SETUP ERROR: must be run by a non-root user\n");
+ exit(1);
+ }
+
+ if (seteuid(1) < 0)
+ printf("seteuid(1) failure\n");
+ printuids("after seteuid(1)", realuid, 1);
+
+ if (geteuid() != 1)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+
+ /* do activity here */
+
+ if (seteuid(0) < 0)
+ {
+ fail++;
+ printf("seteuid(0) failure\n");
+ }
+ printuids("after seteuid(0)", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+ if (getuid() != realuid)
+ {
+ fail++;
+ printf("MAYDAY! Wrong real uid\n");
+ }
+ printf("\n");
+
+ if (seteuid(2) < 0)
+ {
+ fail++;
+ printf("seteuid(2) failure\n");
+ }
+ printuids("after seteuid(2)", realuid, 2);
+
+ if (geteuid() != 2)
+ {
+ fail++;
+ printf("MAYDAY! 
Wrong effective uid\n");
+ }
+
+ /* do activity here */
+
+ if (seteuid(0) < 0)
+ {
+ fail++;
+ printf("seteuid(0) failure\n");
+ }
+ printuids("after seteuid(0)", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+ if (getuid() != realuid)
+ {
+ fail++;
+ printf("MAYDAY! Wrong real uid\n");
+ }
+
+ if (fail)
+ {
+ printf("\nThis system cannot use seteuid\n");
+ exit(1);
+ }
+
+ printf("\nIt is safe to define USESETEUID on this system\n");
+ exit(0);
+}
diff --git a/gnu/usr.sbin/sendmail/test/t_setreuid.c b/gnu/usr.sbin/sendmail/test/t_setreuid.c
new file mode 100644
index 00000000000..7d3f8485b47
--- /dev/null
+++ b/gnu/usr.sbin/sendmail/test/t_setreuid.c
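Review bot: In t_seteuid.c the first check, `if (seteuid(1) < 0) printf("seteuid(1) failure\n");`, is the only failure branch in main() that does not do `fail++`, so it relies on the geteuid() test that follows to flag the system; adding braces and `fail++;` makes it consistent with the seteuid(2) and seteuid(0) branches. printuids() declares `int r, e` but is handed a uid_t and prints getuid()/geteuid() with `%d`, so an explicit `(int)` cast at those points avoids a format mismatch where uid_t is wider or unsigned. The header comment tells the reader to make the binary setuid root but never to remove it; a line such as `** Delete the setuid binary once the test has been run.` is worth adding here and in t_setreuid.c. `<stdlib.h>` is also missing for exit().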
@@ -0,0 +1,141 @@
+/*
+** This program checks to see if your version of setreuid works.
+** Compile it, make it setuid root, and run it as yourself (NOT as
+** root). If it won't compile or outputs any MAYDAY messages, don't
+** define HASSETREUID in conf.h.
+**
+** Compilation is trivial -- just "cc t_setreuid.c". Make it setuid,
+** root and then execute it as a non-root user.
+*/
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#ifndef lint
+static char id[] = "@(#)$Sendmail: t_setreuid.c,v 8.4 1999/08/28 00:25:28 gshapiro Exp $";
+#endif /* ! lint */
+
+#ifdef __hpux
+# define setreuid(r, e) setresuid(r, e, -1)
+#endif /* __hpux */
+
+static void
+printuids(str, r, e)
+ char *str;
+ int r, e;
+{
+ printf("%s (should be %d/%d): r/euid=%d/%d\n", str, r, e,
+ getuid(), geteuid());
+}
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ int fail = 0;
+ uid_t realuid = getuid();
+
+ printuids("initial uids", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ printf("SETUP ERROR: re-run setuid root\n");
+ exit(1);
+ }
+
+ if (getuid() == 0)
+ {
+ printf("SETUP ERROR: must be run by a non-root user\n");
+ exit(1);
+ }
+
+ if (setreuid(0, 1) < 0)
+ {
+ fail++;
+ printf("setreuid(0, 1) failure\n");
+ }
+ printuids("after setreuid(0, 1)", 0, 1);
+
+ if (geteuid() != 1)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+
+ /* do activity here */
+
+ if (setreuid(-1, 0) < 0)
+ {
+ fail++;
+ printf("setreuid(-1, 0) failure\n");
+ }
+ printuids("after setreuid(-1, 0)", 0, 0);
+ if (setreuid(realuid, 0) < 0)
+ {
+ fail++;
+ printf("setreuid(%d, 0) failure\n", realuid);
+ }
+ printuids("after setreuid(realuid, 0)", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+ if (getuid() != realuid)
+ {
+ fail++;
+ printf("MAYDAY! 
Wrong real uid\n");
+ }
+ printf("\n");
+
+ if (setreuid(0, 2) < 0)
+ {
+ fail++;
+ printf("setreuid(0, 2) failure\n");
+ }
+ printuids("after setreuid(0, 2)", 0, 2);
+
+ if (geteuid() != 2)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+
+ /* do activity here */
+
+ if (setreuid(-1, 0) < 0)
+ {
+ fail++;
+ printf("setreuid(-1, 0) failure\n");
+ }
+ printuids("after setreuid(-1, 0)", 0, 0);
+ if (setreuid(realuid, 0) < 0)
+ {
+ fail++;
+ printf("setreuid(%d, 0) failure\n", realuid);
+ }
+ printuids("after setreuid(realuid, 0)", realuid, 0);
+
+ if (geteuid() != 0)
+ {
+ fail++;
+ printf("MAYDAY! Wrong effective uid\n");
+ }
+ if (getuid() != realuid)
+ {
+ fail++;
+ printf("MAYDAY! Wrong real uid\n");
+ }
+
+ if (fail)
+ {
+ printf("\nThis system cannot use setreuid\n");
+ exit(1);
+ }
+
+ printf("\nIt is safe to define HASSETREUID on this system\n");
+ exit(0);
+}
 |
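Review bot: After `setreuid(0, 1)` and `setreuid(0, 2)` in t_setreuid.c only the effective uid is verified, although printuids() announces that the real uid should now be 0, so a system that changes the euid but leaves the real uid untouched is flagged only indirectly, if at all. Adding `if (getuid() != 0) { fail++; printf("MAYDAY! Wrong real uid\n"); }` after each of those two calls closes the gap. The same holds after each `setreuid(-1, 0)`, where the expected 0/0 state is printed but not asserted. `printf("setreuid(%d, 0) failure\n", realuid);` passes a uid_t to `%d` and should cast it, `(int) realuid`.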