/*___INFO__MARK_BEGIN__*/
/*************************************************************************
*
* The Contents of this file are made available subject to the terms of
* the Sun Industry Standards Source License Version 1.2
*
* Sun Microsystems Inc., March, 2001
*
*
* Sun Industry Standards Source License Version 1.2
* =================================================
* The contents of this file are subject to the Sun Industry Standards
* Source License Version 1.2 (the "License"); You may not use this file
* except in compliance with the License. You may obtain a copy of the
* License at http://gridengine.sunsource.net/Gridengine_SISSL_license.html
*
* Software provided under this License is provided on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
* WITHOUT LIMITATION, WARRANTIES THAT THE SOFTWARE IS FREE OF DEFECTS,
* MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, OR NON-INFRINGING.
* See the License for the specific provisions governing your rights and
* obligations concerning the Software.
*
* The Initial Developer of the Original Code is: Sun Microsystems, Inc.
*
* Copyright: 2001 by Sun Microsystems, Inc.
*
* All Rights Reserved.
*
* Portions of this software are Copyright (c) 2023-2024 HPC-Gridware GmbH
*
************************************************************************/
/*___INFO__MARK_END__*/
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <sys/types.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>
#include <cstring>
#include "msg_utilbin.h"
#include "uti/sge_uidgid.h"
/****** testsuidroot ***************************************
*
* NAME
* testsuidroot -- test if suid root flag works
*
* SYNOPSIS
* testsuidroot
*
* FUNCTION
* Tests whether the set-user-ID flag works for user id root on
* the filesystem where testsuidroot is installed (it might be
* disabled on NFS-mounted filesystems).
*
* testsuidroot must be owned by root and the suid flag must be set.
* Example:
* -rwsr-xr-x 1 root root 7632 Mar 21 09:23 testsuidroot
*
* testsuidroot will perform the following checks:
* - has the program been started under a uid != 0
* - is the effective uid 0
* - can the program bind a privileged socket
*
* If a test fails, testsuidroot exits with an error message (suppressed
* by -q) and a return code != 0.
*
* INPUTS
* -q - optional parameter, sets quiet mode, no output will be generated
*
* RESULT
* 0, if all tests are OK
* 1, if testsuidroot has been started with uid 0
* 2, if effective uid != 0
* 3, if binding a privileged port fails
*
* EXAMPLE
*
* NOTES
*
* BUGS
*
* SEE ALSO
*
****************************************************************************
*/
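/**
 * Checks that this binary really runs set-user-ID root.
 *
 * Three checks run in order; the first one that fails decides the exit code:
 *   1 - the real uid equals SGE_SUPERUSER_UID (the test only says something
 *       about the suid bit when it is started by another user)
 *   2 - the effective uid is not SGE_SUPERUSER_UID
 *   3 - rresvport() could not hand out a reserved port
 *   0 - all checks passed
 *
 * "-q" is recognised only when it is the single argument; it suppresses all
 * error output so that callers can rely on the exit code alone.
 */
int main(int argc, char *argv[]) {
   // A set-user-ID program must not trust what its caller passes in: exec
   // can be given an empty argument vector, leaving argc == 0 and argv[0]
   // NULL. Use a fixed name in that case instead of passing a null pointer
   // to fprintf().
   const char *prog_name = (argc > 0 && argv[0] != NULL) ? argv[0] : "testsuidroot";

   // rresvport() takes the starting port by pointer and may update it.
   int res_port = 1023;

   bool quiet = false;
   if (argc == 2 && strcmp(argv[1], "-q") == 0) {
      quiet = true;
   }

   // Check 1: started by the superuser, so the suid bit is not being tested.
   if (getuid() == SGE_SUPERUSER_UID) {
      if (!quiet) {
         // The MSG_* macros come from msg_utilbin.h and are used as the format
         // string; presumably each takes the program name as its one argument
         // (confirm against the header). prog_name is caller-controlled and is
         // only ever passed as an argument, never as the format.
         fprintf(stderr, MSG_SUIDROOT_START_BY_NONROOT, prog_name);
         fprintf(stderr, "\n");
      }
      return 1;
   }

   // Check 2: the suid bit did not take effect (e.g. ignored by the mount).
   if (geteuid() != SGE_SUPERUSER_UID) {
      if (!quiet) {
         fprintf(stderr, MSG_SUIDROOT_EFFECTIVE_USER_ROOT, prog_name);
         fprintf(stderr, "\n");
      }
      return 2;
   }

   // Check 3: prove the privilege is usable by binding a reserved port.
   int sock = rresvport(&res_port);
   if (sock == -1) {
      if (!quiet) {
         fprintf(stderr, MSG_SUIDROOT_BIND_PRIV_SOCK_FAILED, prog_name);
         fprintf(stderr, "\n");
      }
      return 3;
   }

   // The socket was only needed as evidence; release it and exit. Nothing
   // else is done with the elevated effective uid.
   shutdown(sock, 0);
   close(sock);
   return 0;
}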