1 /*	$NetBSD: unsafe.c,v 1.2 2020/03/18 19:05:22 christos Exp $	*/
2 
3 /*++
4 /* NAME
5 /*	unsafe 3
6 /* SUMMARY
7 /*	are we running at non-user privileges
8 /* SYNOPSIS
9 /*	#include <safe.h>
10 /*
11 /*	int	unsafe()
12 /* DESCRIPTION
13 /*	The \fBunsafe()\fR routine attempts to determine whether the process
14 /*	runs with privileges, or has access to information, that the
15 /*	controlling user does not have. The purpose is to prevent misuse
16 /*	of privileges, including access to protected information.
17 /*
18 /*	The result is always false when both of the following conditions
19 /*	are true:
20 /* .IP \(bu
21 /*	The real UID is zero.
22 /* .IP \(bu
23 /*	The effective UID is zero.
24 /* .PP
25 /*	Otherwise, the result is true if any of the following conditions
26 /*	is true:
27 /* .IP \(bu
28 /*	The issetugid kernel flag is non-zero (on systems that support
29 /*	this concept).
30 /* .IP \(bu
31 /*	The real and effective user id differ.
32 /* .IP \(bu
33 /*	The real and effective group id differ.
34 /* LICENSE
35 /* .ad
36 /* .fi
37 /*	The Secure Mailer license must be distributed with this software.
38 /* AUTHOR(S)
39 /*	Wietse Venema
40 /*	IBM T.J. Watson Research
41 /*	P.O. Box 704
42 /*	Yorktown Heights, NY 10598, USA
43 /*
44 /*	Wietse Venema
45 /*	Google, Inc.
46 /*	111 8th Avenue
47 /*	New York, NY 10011, USA
48 /*--*/
49 
50 /* System library. */
51 
52 #include <sys_defs.h>
53 #include <unistd.h>
54 
55 /* Utility library. */
56 
57 #include "safe.h"
58 
59 /* unsafe - can we trust user-provided environment, working directory, etc. */
60 
int     unsafe(void)
{
    uid_t   real_uid = getuid();
    uid_t   eff_uid = geteuid();

    /*
     * A process that is root both really and effectively already owns
     * everything; there is nobody to protect from, so it is "safe" by
     * definition.
     */
    if (real_uid == 0 && eff_uid == 0)
	return (0);

    /*
     * Otherwise, disagreement between real and effective user ID means we
     * hold privileges, or secrets, that the controlling user does not.
     * Inherited process attributes (environment, working directory, ...)
     * must then be treated as hostile.
     */
    if (eff_uid != real_uid)
	return (1);

#ifdef HAS_ISSETUGID
    /*
     * Where the kernel keeps its own "has been set-ugid" flag, honor it
     * even when the IDs happen to match again.
     */
    if (issetugid())
	return (1);
#endif

    /*
     * The same consideration applies to the real vs. effective group ID.
     *
     * NOTE(review): only real/effective IDs (and the kernel flag, where
     * available) are consulted here; saved set-user-ID and supplementary
     * groups are not examined.
     */
    return (getgid() != getegid());
}
80