1 /* $NetBSD: unsafe.c,v 1.2 2020/03/18 19:05:22 christos Exp $ */
2
3 /*++
4 /* NAME
5 /* unsafe 3
6 /* SUMMARY
7 /* are we running at non-user privileges
8 /* SYNOPSIS
9 /* #include <safe.h>
10 /*
11 /* int unsafe()
12 /* DESCRIPTION
13 /* The \fBunsafe()\fR routine attempts to determine if the process
14 /* runs with privileges, or has access to information, that the
15 /* controlling user does not have. The purpose is to prevent
16 /* misuse of privileges, including access to protected information.
17 /*
18 /* The result is always false when both of the following conditions
19 /* are true:
20 /* .IP \(bu
21 /* The real UID is zero.
22 /* .IP \(bu
23 /* The effective UID is zero.
24 /* .PP
25 /* Otherwise, the result is true if any of the following conditions
26 /* is true:
27 /* .IP \(bu
28 /* The issetuid kernel flag is non-zero (on systems that support
29 /* this concept).
30 /* .IP \(bu
31 /* The real and effective user id differ.
32 /* .IP \(bu
33 /* The real and effective group id differ.
34 /* LICENSE
35 /* .ad
36 /* .fi
37 /* The Secure Mailer license must be distributed with this software.
38 /* AUTHOR(S)
39 /* Wietse Venema
40 /* IBM T.J. Watson Research
41 /* P.O. Box 704
42 /* Yorktown Heights, NY 10598, USA
43 /*
44 /* Wietse Venema
45 /* Google, Inc.
46 /* 111 8th Avenue
47 /* New York, NY 10011, USA
48 /*--*/
49
50 /* System library. */
51
52 #include <sys_defs.h>
53 #include <unistd.h>
54
55 /* Utility library. */
56
57 #include "safe.h"
58
59 /* unsafe - can we trust user-provided environment, working directory, etc. */
60
int     unsafe(void)
{
    uid_t   real_uid = getuid();
    uid_t   eff_uid = geteuid();

    /*
     * A process that is root both really and effectively is trusted: the
     * controlling user already holds every privilege, so there is nothing
     * here to protect from it.
     */
    if (real_uid == 0 && eff_uid == 0)
	return (0);

    /*
     * Otherwise, report "unsafe" at the first sign of inherited privilege.
     * The process must not trust attributes (environment, working
     * directory, ...) handed down by its parent, and must not leak
     * privileged information that the parent has no access to.
     */
    if (eff_uid != real_uid)
	return (1);
#ifdef HAS_ISSETUGID
    /* Kernel-tracked set-id history, where the platform provides it. */
    if (issetugid())
	return (1);
#endif
    return (getgid() != getegid());
}
80