/* Forward declarations. The test_* routines take no arguments and return
 * nothing; execute() takes a program name and one argument string and
 * returns an int status. */
13 void test_setnone(void);
14 void test_setuid(void);
15 void test_setgid(void);
16 void test_effugid(void);
17 int execute(const char *prog
, const char *arg
);
/* Run the helper program ./<prog> in a child process with `prog` as argv[0]
 * and `arg` as its single argument, and return the child's exit status as
 * extracted by WEXITSTATUS().
 *
 * NOTE(review): the snprintf() result is not checked on the lines shown, so a
 * name that does not fit in cmd would be truncated silently and a different
 * file would be executed; the size of cmd is not visible here -- confirm.
 * No WIFEXITED() check is visible before WEXITSTATUS() either; if there is
 * none, a helper killed by a signal yields a meaningless status -- confirm. */
19 int execute(const char *prog
, const char *arg
)
/* Build an explicit "./" path: execl() does no PATH search, so the helper is
 * always taken from the current directory. */
25 snprintf(cmd
, sizeof(cmd
), "./%s", prog
);
/* -1: process creation failed (the call that sets childpid is not shown). */
28 if (childpid
== (pid_t
) -1) {
/* 0: we are the child; replace this process image with the helper. */
30 } else if (childpid
== 0) {
/* execl() only returns on failure. */
31 if (execl(cmd
, prog
, arg
, NULL
) == -1) {
34 return(-2); /* Never reached */
/* Parent: hand the helper's exit code back to the caller. */
39 return(WEXITSTATUS(status
));
/* Verify that a program exec'ed from a set-group-id file reports itself as
 * tainted. Every case restores the file mode with chmod, runs the helper
 * through execute() and expects status 1; a mismatch is reported via e(n).
 * The second argument is an octal mode string; going by the case comments the
 * helper applies it to its own file before calling issetugid(), with "0000"
 * presumably meaning "leave the mode alone" -- TODO confirm in the helper.
 *
 * NOTE(review): system() runs chmod through the shell with a PATH lookup and
 * its result is ignored. main() switches to uid 0 before the tests, so
 * calling chmod(2) directly and checking its return value would be more
 * robust and would make a failed mode change visible. */
42 void test_setgid(void)
44 /* Execve a new process that has setgid bits set */
47 /* When we exec a new process which has setgid set, that process should
50 system("chmod 2755 setgid");
51 if (execute("setgid", "0000") != 1) e(2);
53 /* When we exec a new process which has setgid set, but unsets that bit
54 * before calling issetugid() should still be tainted
56 system("chmod 2755 setgid");
57 if (execute("setgid", "0755") != 1) e(3);
59 /* When we exec a new process which has setgid set, and then also sets
60 * setuid before calling issetugid() should still be tainted
62 system("chmod 2755 setgid");
63 if (execute("setgid", "06755") != 1) e(4);
65 /* When we exec a new process that has setgid set, and which upon
66 * execution forks, the forked child should also be tainted */
67 system("chmod 2755 setgidfork");
68 if (execute("setgidfork", "0000") != 1) e(5);
/* Verify that a program exec'ed from a set-user-id file reports itself as
 * tainted. Every case restores mode 4755 with chmod, runs the helper through
 * execute() and expects status 1; a mismatch is reported via e(n).
 * The second argument is an octal mode string; going by the case comments the
 * helper applies it to its own file before calling issetugid() -- TODO
 * confirm in the helper.
 *
 * NOTE(review): the system() results are ignored, so a chmod that fails (or
 * resolves to an unexpected binary through PATH while running as uid 0) is
 * only noticed as a later, unrelated-looking test failure. */
71 void test_setuid(void)
73 /* Execve a new process that has setuid bits set */
76 /* When we exec a new process which has setuid set, that process should
79 system("chmod 4755 setuid");
80 if (execute("setuid", "0000") != 1) e(1);
82 /* When we exec a new process which has setuid set, but unsets that bit
83 * before calling issetugid() should still be tainted
85 system("chmod 4755 setuid");
86 if (execute("setuid", "0755") != 1) e(2);
88 /* When we exec a new process which has setuid set, and then also sets
89 * setgid before calling issetugid() should still be tainted
91 system("chmod 4755 setuid");
92 if (execute("setuid", "06755") != 1) e(3);
94 /* When we exec a new process that has setuid set, and which upon
95 * execution forks, the forked child should also be tainted */
96 system("chmod 4755 setuidfork");
97 if (execute("setuidfork", "0000") != 1) e(4);
/* Verify that a program exec'ed from a file with both set-user-id and
 * set-group-id bits (mode 6755) reports itself as tainted, including after
 * it clears the bits on its own file and in a child it forks. Each case
 * expects execute() to return 1 and reports a mismatch via e(n).
 *
 * NOTE(review): the error numbers go 1, 2, 4 -- there is no e(3) on the
 * lines shown. The system() results are ignored, so a failed chmod is not
 * detected at the point where it happens. */
101 static void test_setugid(void)
103 /* Execve a new process that has setuid and setgid bits set */
106 /* When we exec a new process which has setugid set, that
107 * process should be tainted.
109 system("chmod 6755 setugid");
110 if (execute("setugid", "0000") != 1) e(1);
112 /* When we exec a new process which has setugid set, but unsets those bits
113 * before calling issetugid() should still be tainted
115 system("chmod 6755 setugid");
116 if (execute("setugid", "0755") != 1) e(2);
118 /* When we exec a new process that has setugid set, and which upon
119 * execution forks, the forked child should also be tainted */
120 system("chmod 6755 setugidfork");
121 if (execute("setugidfork", "0000") != 1) e(4);
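/* Check how changing the effective uid/gid affects the taint status that an
 * exec'ed program sees. Each half runs in its own child (childpid == 0):
 * the child must itself report issetugid() == 1, a freshly exec'ed "nobits"
 * (mode 755) must report 0, and once the effective id has been moved to
 * current+42 the same program must report 1.
 *
 * The gid half changes the effective *gid* with setegid(). Passing a gid
 * value to seteuid() would change the uid a second time and leave the
 * "effective gid differs" path untested.
 *
 * NOTE(review): both halves report failures as e(1)..e(5); confirm they can
 * be told apart (any subtest bookkeeping is not visible in this listing).
 * The system() results are ignored, so a failed chmod is not detected. */
125 void test_effugid(void)
127 /* Test taint status with different effective uid and gid */
133 /* Start with effective uid */
135 if (childpid
== (pid_t
) -1) e(1);
136 else if (childpid
== 0) {
137 /* We're the child */
139 /* We should be tainted */
140 if (issetugid() != 1) e(2);
142 /* Now execute a program without set{u,g}id; should not be tainted */
143 system("chmod 755 nobits");
144 if (execute("nobits", "0000") != 0) e(3);
146 /* Change effective uid into current+42 and try nobits again. This time
147 * it should be tainted */
148 if (seteuid(geteuid() + 42) != 0) e(4);
149 if (execute("nobits", "0000") != 1) e(5);
152 /* We're the parent, wait for the child to finish */
156 /* Now test effective gid */
158 if (childpid
== (pid_t
) -1) e(1);
159 else if (childpid
== 0) {
160 /* We're the child */
162 /* We should be tainted */
163 if (issetugid() != 1) e(2);
165 /* Now execute a program without set{u,g}id; should not be tainted */
166 system("chmod 755 nobits");
167 if (execute("nobits", "0000") != 0) e(3);
169 /* Change effective gid into current+42 and try nobits again. This time
170 * it should be tainted */
/* setegid(), not seteuid(): this half is about the effective group id. */
171 if (setegid(getegid() + 42) != 0) e(4);
172 if (execute("nobits", "0000") != 1) e(5);
175 /* We're the parent, wait for the child to finish */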
/* Negative control: a program exec'ed from a file without set-id bits (mode
 * 755) must report issetugid() == 0, also when set-id bits are put on the
 * file only after the exec and in a child the program forks. Each case
 * expects execute() to return 0 and reports a mismatch via e(n).
 * The second argument is an octal mode string; going by the case comments the
 * helper applies it to its own file after it has started -- TODO confirm in
 * the helper. The mode is reset to 755 before every run so that a set-id bit
 * left behind by the previous case cannot leak into the next exec.
 *
 * NOTE(review): the system() results are ignored; if a reset to 755 fails,
 * the next exec would start from a set-id file and the case would fail for a
 * reason the error number does not reveal. */
180 void test_setnone(void)
182 /* Execve a new process that does not have setuid or setgid bits set */
185 /* When we exec a new process which doesn't have set{u,g}id set, that
186 * process should not be tainted */
187 system("chmod 755 nobits");
188 if (execute("nobits", "0000") != 0) e(2);
190 /* When we exec a new process which doesn't have set{u,g}id set, but
191 * sets them after execution, the process should still not be tainted
193 system("chmod 755 nobits");
194 if (execute("nobits", "02755") != 0) e(4);
195 system("chmod 755 nobits");
196 if (execute("nobits", "04755") != 0) e(3);
197 system("chmod 755 nobits");
198 if (execute("nobits", "06755") != 0) e(5);
200 /* When we exec a new process that doesn't have setugid set, and which upon
201 * execution forks, the forked child should not be tainted either */
202 system("chmod 755 nobitsfork");
203 if (execute("nobitsfork", "0000") != 0) e(6);
208 /* We're supposed to be setuid. Verify. */
215 if (issetugid() != 1) e(1);
217 if (childpid
== -1) e(2);
218 else if (childpid
== 0) {
219 /* We're the child and should inherit the tainted status of the parent
221 if (issetugid() != 1) e(3);
223 /* Let's change to the bin user */
/* Dropping to an unprivileged uid must not clear the taint: the check at
 * e(6) guards against setuid() resetting the flag, since the process may
 * still hold state it obtained while it ran with other ids. The uid 2 ==
 * "bin" mapping is taken from the comment above and is system specific. */
224 if (setuid((uid_t
) 2) != 0) e(4);
225 if (getuid() != (uid_t
) 2) e(5);
227 /* At this point, taint status should not have changed. */
228 if (issetugid() != 1) e(6);
232 /* We're the parent. Wait for the child to finish */
/* Become uid 0 with setuid(0); a failure is reported as e(1). main() calls
 * this because, per its comment, the tests have to run as root. */
237 static void switch_to_su(void)
240 if (setuid(0) != 0) e(1);
/* Test driver. Copies the two helper binaries under the names the tests
 * execute -- ../t60a for the direct cases, ../t60b for the *fork cases --
 * and then switches to root.
 *
 * NOTE(review): the cp commands go through system() and their return values
 * are ignored on the lines shown, so a failed copy only shows up later as an
 * unrelated-looking test failure. The steps between switch_to_su() and the
 * final return are not visible in this listing. */
243 int main(int argc
, char **argv
)
246 system("cp ../t60a nobits");
247 system("cp ../t60a setgid");
248 system("cp ../t60a setuid");
249 system("cp ../t60a setugid");
250 system("cp ../t60b nobitsfork");
251 system("cp ../t60b setuidfork");
252 system("cp ../t60b setgidfork");
253 system("cp ../t60b setugidfork");
255 switch_to_su(); /* We have to be root to perform this test */
265 return(-1); /* Never reached */